WO2026036237A1 - Information processing method, device, communication system and storage medium - Google Patents
Information processing method, device, communication system and storage medium
- Publication number
- WO2026036237A1 (PCT/CN2024/111316)
- Authority
- WO
- WIPO (PCT)
- Prior art keywords
- identifier
- information
- message
- security
- response
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Classifications
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04W—WIRELESS COMMUNICATION NETWORKS
- H04W12/00—Security arrangements; Authentication; Protecting privacy or anonymity
- H04W12/06—Authentication
Definitions
- This disclosure relates to the field of communication technology, and in particular to an information processing method, device, communication system and storage medium.
- CAPIF: Common API Framework
- This disclosure aims to address the lack of a mechanism for authenticating API callers and negotiating security mechanisms in CAPIF interconnect scenarios.
- an information processing method executed by a first device, comprising: receiving a first message sent by a second device, wherein the first message includes a first identifier, the first identifier being an identifier of a third device, and the first message being used to request a security mechanism for interaction between the second device and the third device; and sending a first response to the second device, wherein the first response is used to indicate the security mechanism for interaction between the second device and the third device.
- an information processing method executed by a fourth device, comprising: receiving a fifth message sent by a third device, wherein the fifth message includes a second identifier, the second identifier being an identifier of the second device; the fifth message being used to request security information; the security information being used for at least one of: authenticating and/or protecting the identity of the second device; verifying and/or protecting relevant authorization information of the second device, the relevant authorization information including a token associated with the second device; and establishing a Transport Layer Security (TLS) connection between the second device and a first device; and sending a fifth response to the third device, wherein the fifth response includes security information.
- TLS: Transport Layer Security
- an information processing method comprising: a fifth message sent by a third device to a fourth device, wherein the fifth message includes a second identifier, the second identifier being an identifier of the second device; the fifth message is used to request security information; the security information is used for at least one of: authenticating and/or protecting the identity of the second device; verifying and/or protecting relevant authorization information of the second device, the relevant authorization information including a token associated with the second device; and establishing a TLS connection between the second device and a first device; and the fourth device sending a fifth response to the third device, wherein the fifth response includes security information.
- a second device comprising: a third transceiver module configured to send a first message to a first device, wherein the first message includes a first identifier, the first identifier being an identifier of a third device, and the first message being used to request a security mechanism for interaction between the second device and the third device; and the third transceiver module configured to receive a first response sent by the first device, wherein the first response is used to indicate the security mechanism for interaction between the second device and the third device.
- a storage medium that stores instructions, which, when executed on a communication device, cause the communication device to perform the method described in the optional implementations of the first, second, third, fourth, fifth, sixth, seventh, eighth, ninth, and tenth aspects.
- Figure 1A is a schematic diagram of the structure of an information processing system according to an embodiment of the present disclosure.
- Figure 1B is a schematic diagram of a CAPIF interconnect according to an embodiment of the present disclosure.
- Figure 2A is an interactive schematic diagram of an information processing method according to an embodiment of the present disclosure.
- Figure 2B is an interactive schematic diagram of an information processing method according to an embodiment of the present disclosure.
- Figure 3A is a schematic flowchart illustrating an information processing method according to an embodiment of the present disclosure.
- Figure 3B is a schematic flowchart illustrating an information processing method according to an embodiment of the present disclosure.
- Figure 3C is a schematic flowchart illustrating an information processing method according to an embodiment of the present disclosure.
- Figure 3D is a flowchart illustrating an information processing method according to an embodiment of the present disclosure.
- Figure 4B is a schematic flowchart illustrating an information processing method according to an embodiment of the present disclosure.
- Figure 4C is a schematic flowchart illustrating an information processing method according to an embodiment of the present disclosure.
- Figure 4D is a schematic flowchart illustrating an information processing method according to an embodiment of the present disclosure.
- Figure 4E is a schematic flowchart illustrating an information processing method according to an embodiment of the present disclosure.
- Figure 5A is a schematic flowchart illustrating an information processing method according to an embodiment of the present disclosure.
- Figure 5B is a schematic flowchart illustrating an information processing method according to an embodiment of the present disclosure.
- Figure 6A is a schematic flowchart illustrating an information processing method according to an embodiment of the present disclosure.
- Figure 6B is a schematic flowchart illustrating an information processing method according to an embodiment of the present disclosure.
- Figure 6C is a schematic flowchart illustrating an information processing method according to an embodiment of the present disclosure.
- Figure 7A is an interactive schematic diagram of an information processing method according to an embodiment of the present disclosure.
- Figure 7B is an interactive schematic diagram of an information processing method according to an embodiment of the present disclosure.
- Figure 8A is a schematic diagram illustrating an overview of a CAPIF interconnect-related authentication mechanism according to an embodiment of the present disclosure.
- Figure 8B is a schematic flowchart illustrating an information processing method according to an embodiment of the present disclosure.
- Figure 8C is a schematic flowchart illustrating an information processing method according to an embodiment of the present disclosure.
- Figure 8D is a schematic flowchart illustrating an information processing method according to an embodiment of the present disclosure.
- Figure 9A is a schematic diagram of the structure of a first device according to an embodiment of the present disclosure.
- Figure 9B is a schematic diagram of the structure of a second device according to an embodiment of the present disclosure.
- Figure 9C is a schematic diagram of the structure of a third device according to an embodiment of the present disclosure.
- Figure 9D is a schematic diagram of the structure of a fourth device according to an embodiment of the present disclosure.
- Figure 10A is a schematic diagram of the structure of a communication device provided according to an embodiment of the present disclosure.
- Figure 10B is a schematic diagram of the structure of a chip provided according to an embodiment of the present disclosure.
- This disclosure provides an information processing method, apparatus, communication system, and storage medium.
- embodiments of this disclosure propose an information processing method, executed by a first device, comprising: receiving a first message sent by a second device, wherein the first message includes a first identifier, the first identifier being an identifier of a third device, and the first message being used to request a security mechanism for interaction between the second device and the third device; and sending a first response to the second device, wherein the first response is used to indicate the security mechanism for interaction between the second device and the third device.
- the security mechanism for interaction between the second and third devices can be determined. For example, it is possible to negotiate the security mechanism in a CAPIF interconnect scenario.
- the first message further includes at least one of the following: first information, wherein the first information is used to indicate the security mechanisms supported by the second device; service information, which includes at least one of the following: service API, resources, services, and service operations.
- the method further includes: determining a security mechanism for interaction between the second device and the third device based on at least one of the following: first information; second information, wherein the second information is used to indicate a security mechanism supported by the first device; third information, wherein the third information is used to indicate a security mechanism supported by the third device; and service information.
- the method further includes: sending a second message to the fourth device when it is determined that the third device is discovered by the fourth device or when it is determined that the service information in the first message is discovered by the fourth device, wherein the second message includes a first identifier and is used to request third information; and receiving a second response sent by the fourth device, wherein the second response includes the third information.
- the method further includes: sending a third message to a fourth device, wherein the third message is used to request a security mechanism for interaction between the second device and the third device; and receiving a third response sent by the fourth device, wherein the third response is used to indicate a security mechanism for interaction between the second device and the third device.
- sending a third message to a fourth device includes: when it is determined that the third device has been discovered by the fourth device or when it is determined that the service information in the first message has been discovered by the fourth device, sending the third message to the fourth device, wherein the third message includes fourth information; wherein the fourth information is used to indicate: a security mechanism jointly supported by the first device and the second device, or a security mechanism supported by the first device and/or a security mechanism supported by the second device.
- the security mechanism includes at least one of the following: a first security mechanism, wherein the first security mechanism is a TLS-PSK-based mechanism; a second security mechanism, wherein the second security mechanism is a TLS-PKI-based mechanism; a third security mechanism, wherein the third security mechanism is a TLS-based mechanism with an OAuth token; a fourth security mechanism, wherein the fourth security mechanism is a mechanism based on an OAuth client credentials flow; a fifth security mechanism, wherein the fifth security mechanism is a mechanism based on an authorization code flow; and a sixth security mechanism, wherein the sixth security mechanism is a mechanism based on a Proof Key for Code Exchange (PKCE) flow.
- PKCE: Proof Key for Code Exchange
- the first device and the second device are in the first domain; the third device and the fourth device are in the second domain.
- embodiments of this disclosure propose an information processing method, executed by a first device, comprising: receiving a fourth message sent by a fourth device, wherein the fourth message includes a second identifier, the second identifier being an identifier of the second device; the fourth message being used to request security information; the security information being used for at least one of the following: authenticating and/or protecting the identity of the second device; verifying and/or protecting relevant authorization information of the second device, the relevant authorization information including a token associated with the second device; and establishing a TLS connection between the second device and the first device; and sending a fourth response to the fourth device, wherein the fourth response includes security information.
- it is possible to obtain security information for identity authentication and/or protection of the second device, for verification and/or protection of the relevant authorization information of the second device, and for the establishment of TLS between the second device and the first device. For example, this facilitates effective authentication of the second device's identity in a CAPIF interconnection scenario.
- the fourth message includes a first identifier, which is an identifier of the third device.
- the first identifier is used to enable the fourth device to send information related to security information to the third device corresponding to the first identifier when the first device returns such information to the fourth device.
- the security information includes at least one of the following: a key, wherein the key is generated by a first device; a certificate, wherein the certificate is the root certificate of a certificate belonging to the first device or a certificate of a second device.
- the first device and the second device are in the first domain; the third device and the fourth device are in the second domain.
- embodiments of this disclosure propose an information processing method executed by a fourth device, comprising: receiving a third message sent by a first device, wherein the third message includes a first identifier, the first identifier being an identifier of the third device, and the third message being used to request a security mechanism for interaction between the second device and the third device; and sending a third response to the first device, wherein the third response is used to indicate the security mechanism for interaction between the second device and the third device.
- the third message is sent by the first device when it determines that the third device has been discovered by the fourth device, or when it determines that the service information in the first message has been discovered by the fourth device, and the first message is received by the first device from the second device; the third message includes fourth information; wherein the fourth information is used to indicate: a security mechanism jointly supported by the first device and the second device, or a security mechanism supported by the first device and/or a security mechanism supported by the second device.
- the method further includes: determining a security mechanism for interaction between the second device and the third device based on at least one of the following: fourth information; third information, wherein the third information is used to indicate a security mechanism supported by the third device, the third information being obtained from the device; and service information.
- the method further includes: receiving a second message sent by a first device, wherein the second message includes a first identifier and is used to request third information; and sending a second response to the first device, wherein the second response includes the third information.
- the security mechanism includes at least one of the following: a first security mechanism, wherein the first security mechanism is a TLS-PSK-based mechanism; a second security mechanism, wherein the second security mechanism is a TLS-PKI-based mechanism; a third security mechanism, wherein the third security mechanism is a TLS-based mechanism with an OAuth token; a fourth security mechanism, wherein the fourth security mechanism is a mechanism based on an OAuth client credentials flow; a fifth security mechanism, wherein the fifth security mechanism is a mechanism based on an authorization code flow; and a sixth security mechanism, wherein the sixth security mechanism is a mechanism based on a Proof Key for Code Exchange (PKCE) flow.
- PKCE: Proof Key for Code Exchange
- the first device and the second device are in the first domain; the third device and the fourth device are in the second domain.
- embodiments of this disclosure propose an information processing method, executed by a fourth device, comprising: receiving a message sent by a third device...
- the fifth message includes a second identifier, which is an identifier of the second device; the fifth message is used to request security information; the security information is used for at least one of the following: authenticating and/or protecting the identity of the second device; verifying and/or protecting relevant authorization information of the second device, including a token associated with the second device; establishing a TLS connection between the second device and the first device; and sending a fifth response to a third device, wherein the fifth response includes security information.
- the fifth message includes at least one of the following: a first identifier, wherein the first identifier is an identifier of the third device, the first identifier being used by the fourth device to send the fifth response to the third device corresponding to the first identifier; and a third identifier, wherein the third identifier is an identifier of the first device.
- the fifth message includes a third identifier
- the method further includes: sending a fourth message to a first device corresponding to the third identifier based on the third identifier; wherein the fourth message includes a second identifier, the second identifier being an identifier of the second device; the fourth message is used to request security information; the security information is used for at least one of the following: authenticating and/or protecting the second device; verifying and/or protecting relevant authorization information of the second device, the relevant authorization information including a token associated with the second device; and establishing a TLS connection between the second device and the first device; and receiving a fourth response sent by the first device.
- the fourth message includes: a first identifier, the first identifier being an identifier of a third device, the first identifier being used by the fourth device to send information related to security information to the third device corresponding to the first identifier when the first device returns such information to the fourth device.
- the security information includes at least one of the following: a key, wherein the key is generated by a first device; a certificate, wherein the certificate is the root certificate of a certificate belonging to the first device or a certificate of a second device.
- the first device and the second device are in the first domain; the third device and the fourth device are in the second domain.
- this disclosure provides an information processing method executed by a second device, comprising: sending a first message to a first device, wherein the first message includes a first identifier, the first identifier being an identifier of a third device, the first message being used to request a security mechanism for interaction between the second device and the third device; and receiving a first response sent by the first device, wherein the first response is used to indicate the security mechanism for interaction between the second device and the third device.
- the first device and the second device are in the first domain; the third device and the fourth device are in the second domain.
- embodiments of this disclosure propose an information processing method executed by a second device, comprising: sending a sixth message to a third device, wherein the sixth message includes a second identifier, the second identifier being an identifier of the second device, and the sixth message being used to request the initiation of an authentication process.
- the sixth message includes at least one of the following: a third identifier, wherein the third identifier is an identifier of the first device; a first identifier, wherein the first identifier is an identifier of the third device.
- the first device and the second device are in the first domain; the third device and the fourth device are in the second domain.
- embodiments of this disclosure provide an information processing method executed by a third device, comprising: sending third information to a fourth device, wherein the third information is used to indicate a security mechanism supported by the third device, wherein the third information is used by a first device to determine a security mechanism for interaction between the second device and the third device, or the third information is used by the fourth device to determine a security mechanism for interaction between the second device and the third device.
- sending third information to the fourth device includes: sending third information to the fourth device during the process of the third device registering with the fourth device.
- the method further includes: receiving a seventh message sent by a fourth device, wherein the seventh message is used to request third information.
- the first device and the second device are in the first domain; the third device and the fourth device are in the second domain.
- this disclosure provides an information processing method executed by a third device, comprising: receiving a sixth message sent by a second device, wherein the sixth message includes a second identifier; the second identifier is an identifier of the second device; and the sixth message is used to request the initiation of an authentication process.
- the sixth message includes at least one of the following: a third identifier, wherein the third identifier is an identifier of the first device; a first identifier, wherein the first identifier is an identifier of the third device.
- the method includes: sending a fifth message to a fourth device, wherein the fifth message includes a second identifier, the second identifier being an identifier of the second device; the fifth message is used to request security information; the security information is used for at least one of: authenticating and/or protecting the identity of the second device; verifying and/or protecting relevant authorization information of the second device, the relevant authorization information including a token associated with the second device; and establishing a TLS connection between the second device and the first device; receiving a fifth response sent by the fourth device, wherein the fifth response includes security information.
- the fifth message includes at least one of the following: a first identifier, wherein the first identifier is an identifier of the third device, and the first identifier is used by the fourth device to send the fifth response to the third device corresponding to the first identifier; a third identifier, wherein the third identifier is an identifier of the first device.
- the security information includes at least one of the following: a key, wherein the key is generated by a first device; a certificate, wherein the certificate is a root certificate of a certificate belonging to the first device or a certificate of a second device.
- the first device and the second device are in the first domain; the third device and the fourth device are in the second domain.
- embodiments of this disclosure provide an information processing method, comprising: a second device sending a first message to a first device, wherein the first message includes a first identifier, the first identifier being an identifier of a third device, and the first message being used to request a security mechanism for interaction between the second device and the third device; and the first device sending a first response to the second device, wherein the first response is used to indicate the security mechanism for interaction between the second device and the third device.
- embodiments of this disclosure provide an information processing method, comprising: a fifth message sent by a third device to a fourth device, wherein the fifth message includes a second identifier, the second identifier being an identifier of the second device; the fifth message is used to request security information; the security information is used for at least one of the following: authenticating and/or protecting the identity of the second device; verifying and/or protecting relevant authorization information of the second device, the relevant authorization information including a token associated with the second device; and establishing a TLS connection between the second device and a first device; and the fourth device sending a fifth response to the third device, wherein the fifth response includes security information.
- embodiments of this disclosure provide a first device, comprising: a first transceiver module configured to receive a first message sent by a second device, wherein the first message includes a first identifier, the first identifier being an identifier of a third device, and the first message being used to request a security mechanism for interaction between the second device and the third device; and the first transceiver module configured to send a first response to the second device, wherein the first response is used to indicate the security mechanism for interaction between the second device and the third device.
- embodiments of this disclosure provide a first device, comprising: a first transceiver module configured to receive a fourth message sent by a fourth device, wherein the fourth message includes a second identifier, the second identifier being an identifier of the second device; the fourth message is used to request security information; the security information is used for at least one of: authenticating and/or protecting the identity of the second device; verifying and/or protecting relevant authorization information of the second device, the relevant authorization information including a token associated with the second device; and establishing a TLS connection between the second device and the first device; and the first transceiver module configured to send a fourth response to the fourth device, wherein the fourth response includes security information.
- embodiments of this disclosure provide a fourth device, comprising: a second transceiver module configured to receive a third message sent by a first device, wherein the third message includes a first identifier, the first identifier being an identifier of the third device, and the third message being used to request a security mechanism for interaction between the second device and the third device; and the second transceiver module configured to send a third response to the first device, wherein the third response is used to indicate the security mechanism for interaction between the second device and the third device.
- embodiments of this disclosure provide a fourth device, comprising: a second transceiver module configured to receive a fifth message sent by a third device, wherein the fifth message includes a second identifier, the second identifier being an identifier of the second device; the fifth message is used to request security information; the security information is used for at least one of: authenticating and/or protecting the identity of the second device; verifying and/or protecting relevant authorization information of the second device, the relevant authorization information including a token associated with the second device; and establishing a TLS connection between the second device and a first device; and the second transceiver module configured to send a fifth response to the third device, wherein the fifth response includes security information.
- embodiments of this disclosure provide a second device, comprising: a third transceiver module configured to send a first message to a first device, wherein the first message includes a first identifier, the first identifier being an identifier of the third device, and the first message being used to request a security mechanism for interaction between the second device and the third device; and the third transceiver module configured to receive a first response sent by the first device, wherein the first response is used to indicate the security mechanism for interaction between the second device and the third device.
- embodiments of this disclosure provide a second device, including: a third transceiver module configured to send a sixth message to the third device, wherein the sixth message includes a second identifier, the second identifier being an identifier of the second device, and the sixth message is used to request the initiation of an authentication process.
- embodiments of this disclosure provide a third device, including: a fourth transceiver module configured to send third information to the fourth device, wherein the third information is used to indicate a security mechanism supported by the third device, wherein the third information is used by a first device to determine a security mechanism for interaction between a second device and the third device, or the third information is used by a fourth device to determine a security mechanism for interaction between the second device and the third device.
- embodiments of this disclosure provide a third device, including: a fourth transceiver module configured to receive a sixth message sent by a second device, wherein the sixth message includes a second identifier; the second identifier is an identifier of the second device; and the sixth message is used to request the initiation of an authentication process.
- embodiments of this disclosure provide a communication device including one or more processors; wherein the communication device is configured to execute the method described in the first, second, third, fourth, fifth, sixth, seventh, eighth, ninth, tenth aspects, or optional implementations of the first, second, third, fourth, fifth, sixth, seventh, eighth, ninth, and tenth aspects.
- embodiments of this disclosure provide a communication system, including: a first device, a fourth device, a second device, and a third device; wherein the first device is configured to perform the method as described in the first aspect, the second aspect, or an optional implementation of the first aspect and the second aspect; the fourth device is configured to perform the method as described in the third aspect, the fourth aspect, or an optional implementation of the third aspect and the fourth aspect; the second device is configured to perform the method as described in the fifth aspect, the sixth aspect, or an optional implementation of the fifth aspect and the sixth aspect; and the third device is configured to perform the method as described in the seventh aspect, the eighth aspect, or an optional implementation of the seventh aspect and the eighth aspect.
- embodiments of this disclosure provide a storage medium storing instructions that, when executed on a communication device, cause the communication device to perform the method described in the optional implementations of the first, second, third, fourth, fifth, sixth, seventh, eighth, ninth, and tenth aspects.
- embodiments of this disclosure provide a computer program product, which includes a computer program or instructions.
- when executed by a processor, the computer program or instructions implement the methods described in the optional implementations of the first, second, third, fourth, fifth, sixth, seventh, eighth, ninth, and tenth aspects.
- embodiments of this disclosure provide a computer program that, when run on a computer, causes the computer to perform the methods described in the first, second, third, fourth, fifth, sixth, seventh, eighth, ninth, tenth aspects, or optional implementations of the first, second, third, fourth, fifth, sixth, seventh, eighth, ninth, and tenth aspects.
- embodiments of this disclosure provide a chip or chip system; the chip or chip system includes processing circuitry configured to perform the method described according to the first, second, third, fourth, fifth, sixth, seventh, eighth, ninth, tenth aspects, or alternative implementations of the first, second, third, fourth, fifth, sixth, seventh, eighth, ninth, and tenth aspects described above.
- the aforementioned devices (e.g., the first device, the second device, the third device, the fourth device, etc.), communication systems, storage media, program products, computer programs, chips, or chip systems are all used to execute the methods provided in the embodiments of this disclosure. Therefore, for the beneficial effects they can achieve, refer to the beneficial effects of the corresponding methods, which are not repeated here.
- This disclosure provides an information processing method, apparatus, communication system, and storage medium.
- the terms “information processing method” and “information processing device” are interchangeable, as are “information processing system” and “communication system”.
- each step in a particular embodiment can be implemented as an independent embodiment, and the steps can be arbitrarily combined.
- a solution after removing some steps in a particular embodiment can also be implemented as an independent embodiment, and the order of the steps in a particular embodiment can be arbitrarily interchanged.
- the optional implementation methods in a particular embodiment can be arbitrarily combined; moreover, the embodiments can be arbitrarily combined, for example, some or all steps of different embodiments can be arbitrarily combined, and a particular embodiment can be arbitrarily combined with the optional implementation methods of other embodiments.
- multiple refers to two or more.
- the terms “at least one of”, “one or more”, “a plurality of”, “multiple”, etc., may be used interchangeably.
- the notation “at least one of A and B”, “A and/or B”, “A in one case, B in another”, “in response to one case A, in response to another case B”, etc. may include the following technical solutions depending on the situation: in some embodiments, A (execute A regardless of B); in some embodiments, B (execute B regardless of A); in some embodiments, execution is selected from A and B (A and B are selectively executed); in some embodiments, A and B (both A and B are executed). The same applies when there are more branches such as A, B, C, etc.
- the notation “A or B” may include the following technical solutions, depending on the situation: in some embodiments, A (execution of A regardless of B); in some embodiments, B (execution of B regardless of A); in some embodiments, execution is selected from A and B (A and B are selectively executed). The same applies when there are more branches such as A, B, C, etc.
- if the object being described is a “field,” then the ordinal numbers preceding “field” in “first field” and “second field” do not restrict the position or order of the “fields.”
- “First” and “second” do not restrict whether the “fields” they modify are in the same message, nor do they restrict the order of “first field” and “second field.”
- if the object being described is a “level,” then the ordinal numbers preceding “level” in “first level” and “second level” do not restrict the priority between “levels.”
- the number of objects being described is not limited by ordinal numbers; there can be one or more. For example, in “first device,” the number of "devices" can be one or more.
- objects modified by different prefixes can be the same or different.
- first device and second device can be the same device or different devices, and their types can be the same or different.
- first information and second information can be the same information or different information, and their content can be the same or different.
- “including A,” “containing A,” “for indicating A,” and “carrying A” can be interpreted as directly carrying A or indirectly indicating A.
- the terms “in response to...”, “in response to determining...”, “in the case of...”, “when...”, “if...”, “if...”, etc., can be used interchangeably.
- the terms “greater than,” “greater than or equal to,” “not less than,” “more than,” “more than or equal to,” “not less than,” “higher than,” “higher than or equal to,” “not lower than,” and “above” can be used interchangeably, as can the terms “less than,” “less than or equal to,” “not greater than,” “less than,” “less than or equal to,” “not more than,” “lower than,” “lower than or equal to,” “not higher than,” and “below”.
- devices, etc. can be interpreted as physical or virtual, and their names are not limited to the names recorded in the embodiments.
- Terms such as “device”, “equipment”, “circuit”, “network element”, “node”, “function”, “unit”, “section”, “system”, “network”, “chip”, “chip system”, “entity”, and “subject” can be used interchangeably.
- network can be interpreted as devices included in the network (e.g., access network devices, core network devices, etc.).
- the terms “access network device (AN device),” “radio access network device (RAN device),” “base station (BS),” “radio base station,” “fixed station,” “node,” “access point,” “transmission point (TP),” “reception point (RP),” “transmission/reception point (TRP),” “panel,” “antenna panel,” “antenna array,” “cell,” “macro cell,” “small cell,” “femto cell,” “pico cell,” “sector,” “cell group,” “carrier,” “component carrier,” and “bandwidth part (BWP)” can be used interchangeably.
- the terms “terminal”, “terminal device”, “user equipment (UE)”, “user terminal”, “mobile station (MS)”, “mobile terminal (MT)”, “subscriber station”, “mobile unit”, “subscriber unit”, “wireless unit”, “remote unit”, “mobile device”, “wireless communication device”, “remote device”, “mobile subscriber station”, “access terminal”, “mobile terminal”, “wireless terminal”, “remote terminal”, “handset”, “user agent”, “mobile client”, and “client” can be used interchangeably.
- access network devices, core network devices, or network devices can be replaced by terminals.
- embodiments of this disclosure can also be applied to structures that replace communication between access network devices, core network devices, or network devices and terminals with communication between multiple terminals (e.g., also referred to as device-to-device (D2D), vehicle-to-everything (V2X), etc.).
- the structure can also be configured such that the terminal has all or part of the functions of the access network device.
- terms such as "uplink” and “downlink” can be replaced with terms corresponding to communication between terminals (e.g., "sidelink”).
- uplink channel, downlink channel, etc. can be replaced with sidelink channel
- uplink link, downlink link, etc. can be replaced with sidelink link.
- the terminal may be replaced by an access network device, a core network device, or a network device.
- the access network device, core network device, or network device may also be configured to have all or some of the functions of the terminal.
- the acquisition of data, information, etc. may comply with the laws and regulations of the country where the location is situated.
- data, information, etc. may be obtained with the user's consent.
- each element, each row, or each column in the table of this disclosure can be implemented as an independent embodiment, and any combination of any element, any row, or any column can also be implemented as an independent embodiment.
- Figure 1A is a schematic diagram of the structure of an information processing system 100 according to an embodiment of the present disclosure.
- the information processing system 100 may include: a terminal 101 and a network device 102.
- network device 102 may include at least one of an access network device and a core network device.
- the first device may be CCF-A; the second device may be an API caller; the third device may be AEF; and the fourth device may be CCF-B.
- the first device receives a second response sent by the fourth device.
- the second response is determined based on the second message.
- the second response includes third information.
- the name of the second response is not limited, and it may be, for example, an AEF capability response, an AEF security method response, or an AEF security mechanism response.
- Step S2105: The first device determines the security mechanism for interaction between the second and third devices.
- the first device determines a security mechanism for interaction between the second and third devices based on one of the following information: first information, second information, third information, and service information.
- the first device determines the security mechanism for interaction between the second and third devices based on the first information.
- the first information may be used to indicate that the second device supports the first security mechanism, thus determining the first security mechanism as the security mechanism for interaction between the second and third devices.
- the first device determines the security mechanism for interaction between the second device and the third device based on the second information.
- the second information may be used to indicate that the first device supports the second security mechanism, thus determining the second security mechanism as the security mechanism for interaction between the second device and the third device.
- the first device determines the security mechanism for interaction between the second and third devices based on third information.
- the third information may be used to indicate that the third device supports a third security mechanism, thus determining the third security mechanism as the security mechanism for interaction between the second and third devices.
- the first device determines the security mechanism for interaction between the second and third devices based on first information and third information. For instance, the first information is used to indicate that the second device supports a first security mechanism and a second security mechanism, and the third information is used to indicate that the third device supports both the second and third security mechanisms, thus determining the second security mechanism as the security mechanism for interaction between the second and third devices.
- the first device determines the security mechanism for interaction between the second device and the third device based on first information, second information, and third information. For instance, the first information is used to indicate that the second device supports a first security mechanism and a fourth security mechanism, the second information is used to indicate that the first device supports a second security mechanism and a fourth security mechanism, and the third information is used to indicate that the third device supports a third security mechanism and a fourth security mechanism, thus determining the fourth security mechanism as the security mechanism for interaction between the second device and the third device.
- the security mechanism for the interaction between the second device and the third device is determined to be an authorized code stream; or, if the first device determines that the service information indicates that the service the second device requests to subscribe to does not require real-time feedback, then the security mechanism for the interaction between the second device and the third device is determined to be TLS-PSK or TLS-PKI, etc.
- the first device may determine the security mechanism for interaction between the second device and the third device based on the security mechanisms supported by one of the first device, the second device, and the third device, as well as the security mechanism required by the service indicated by the service information.
- Step S2106: The first device sends a third message to the fourth device.
- the fourth device receives a third message sent by the first device.
- the third message is used to request a security mechanism for interaction between the second device and the third device.
- the third message includes a first identifier and/or a second identifier.
- the third message includes fourth information.
- the fourth piece of information is used to indicate: a security mechanism jointly supported by the first device and the second device.
- the jointly supported security mechanism could be: a common security mechanism or common security methods.
- the fourth information is used to indicate: the security mechanisms supported by the first device and/or the security mechanisms supported by the second device.
- the security mechanisms supported by the first device may refer to: a security mechanism or security method supported solely by the first device, or a full set of security mechanisms or security methods supported by the first device.
- the security mechanisms supported by the second device may refer to: a security mechanism or security method supported solely by the second device, or a full set of security mechanisms or security methods supported by the second device.
- the first device sends a third message to the fourth device if it determines that the third device has been discovered by the fourth device.
- if the first device determines that the service information in the first message was discovered by the fourth device, the first device sends a third message to the fourth device.
- the name of the third message is not limited, and it may be, for example, a security method request or a security mechanism request.
- Step S2107: The fourth device determines the security mechanism for interaction between the second and third devices.
- the fourth device determines the security mechanism for the interaction between the second and third devices based on at least one of the following: fourth information, third information, and service information.
- when the fourth information is used to indicate the security mechanisms supported by the first device and/or the second device, the fourth information includes the second information and the third information.
- the fourth device may determine the security mechanism for interaction between the second device and the third device based on at least one of the following: the first information, the second information, the third information, and service information.
- the fourth device determines the security mechanism for interaction between the second device and the third device in a manner similar to the first device determining the security mechanism for interaction between the second device and the third device.
- when the fourth information is used to indicate a security mechanism jointly supported by the first device and the second device, i.e., the first device determines the security mechanism jointly supported by the first device and the second device, the fourth information can be determined based on the first information and the second information.
- the first device first determines the security mechanism jointly supported by the first device and the second device, and then sends the fourth information to the fourth device, so that the fourth device determines the security mechanism for interaction between the second device and the third device based on the security mechanism jointly supported by the first device and the second device together with other information (such as at least one of the third information and the secondary service information).
- the fourth device determining the security mechanism for interaction between the second device and the third device is similar to the first device determining the security mechanism for interaction between the second device and the third device; for a specific implementation, please refer to the example in step S2105.
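The selection described in steps S2105 and S2107 above, as an added Python example (not code from the disclosure). The labels `MECH-1` to `MECH-4` stand for the page's first to fourth security mechanisms; the function names, the dictionary layout of the fourth information, the tie-break preference order, and the choice to fail closed when no mechanism is shared are assumptions.

```python
from dataclasses import dataclass
from typing import Iterable, Optional, Tuple

# Tie-break order among shared mechanisms (assumption; the page defines none).
PREFERENCE: Tuple[str, ...] = ("TLS-PKI", "TLS-PSK")


class NoCommonMechanism(Exception):
    """No mechanism is shared by all parties: refuse rather than fall back."""


@dataclass(frozen=True)
class Decision:
    mechanism: str   # selected security mechanism
    decided_by: str  # third identifier (CCF-A ID) or fourth identifier (CCF-B ID)
    first_id: str    # first identifier: the third device (AEF)
    second_id: str   # second identifier: the second device (API caller)


def _norm(values: Optional[Iterable[str]]) -> Optional[frozenset]:
    """None = information not provided; an empty set = 'supports nothing'."""
    if values is None:
        return None
    return frozenset(v.strip().upper() for v in values if v and v.strip())


def select_mechanism(*advertised, service_allowed=None, preference=PREFERENCE) -> str:
    """Intersect every capability set that was provided, apply the service's
    requirement, then pick deterministically by local preference."""
    provided = [s for s in map(_norm, advertised) if s is not None]
    if not provided:
        raise NoCommonMechanism("no capability information supplied")
    common = frozenset.intersection(*provided)
    allowed = _norm(service_allowed)
    if allowed is not None:
        common &= allowed  # mechanisms the requested service accepts
    if not common:
        raise NoCommonMechanism("advertised sets share no mechanism")
    rank = {m: i for i, m in enumerate(preference)}
    return min(common, key=lambda m: (rank.get(m, len(rank)), m))


def decide_at_first_device(first_info, second_info, third_info, *,
                           ccf_a_id, aef_id, caller_id, service_allowed=None):
    """S2105: first information = second device's mechanisms, second
    information = first device's own, third information = third device's."""
    mech = select_mechanism(first_info, second_info, third_info,
                            service_allowed=service_allowed)
    return Decision(mech, ccf_a_id, aef_id, caller_id)


def fourth_information(first_info, second_info, joint=True) -> dict:
    """S2106: build the fourth information for the third message, either as
    the jointly supported set or as the two sets forwarded separately."""
    caller, ccf_a = _norm(first_info), _norm(second_info)
    if caller is None or ccf_a is None:
        raise ValueError("both capability sets are needed")
    if joint:
        return {"joint": sorted(caller & ccf_a)}
    return {"second_device": sorted(caller), "first_device": sorted(ccf_a)}


def decide_at_fourth_device(fourth_info, third_info, *,
                            ccf_b_id, aef_id, caller_id, service_allowed=None):
    """S2107: the fourth device combines the fourth information with the
    third information (and the service requirement, if any)."""
    if "joint" in fourth_info:
        sets = [fourth_info["joint"]]
    else:
        sets = [fourth_info["second_device"], fourth_info["first_device"]]
    mech = select_mechanism(*sets, third_info, service_allowed=service_allowed)
    return Decision(mech, ccf_b_id, aef_id, caller_id)


if __name__ == "__main__":
    # Constructed inputs mirroring the page's three-party example.
    caller = ["MECH-1", "MECH-4"]
    ccf_a = ["MECH-2", "MECH-4"]
    aef = ["MECH-3", "MECH-4"]
    print(decide_at_first_device(caller, ccf_a, aef, ccf_a_id="CCF-A",
                                 aef_id="AEF-1", caller_id="INVOKER-1"))
    print(decide_at_fourth_device(fourth_information(caller, ccf_a), aef,
                                  ccf_b_id="CCF-B", aef_id="AEF-1",
                                  caller_id="INVOKER-1"))
```

Both paths return the same mechanism for the same inputs; only the `decided_by` identifier differs, which is what the third and fourth identifiers in the responses convey.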
- Step S2108: The fourth device sends a third response to the first device.
- the first device receives a third response sent by the fourth device.
- the third response is used to indicate a security mechanism for interaction between the second device and the third device.
- the third response is determined based on a third message.
- the third response may include a first identifier and/or a second identifier.
- the third response may include a fourth identifier, a first identifier, and a second identifier; wherein the fourth identifier is an identifier of a fourth device, used to indicate that the security mechanism is provided by the fourth device.
- the name of the fourth identifier is not limited, and it may be, for example, CCF-B ID.
- the name of the third response is not limited, and it may be, for example, a security method response or a security mechanism response.
- steps S2103 to S2105 are parallel to steps S2106 to S2108; steps S2103 to S2105 are optional, or steps S2106 to S2108 are optional.
- Step S2109: The first device sends a first response to the second device.
- the second device receives a first response sent by the first device.
- the first response is used to indicate a security mechanism for interaction between the second device and the third device.
- the first response may include a first identifier and/or a second identifier.
- the first response may include a fourth identifier, a first identifier, and a second identifier; wherein the fourth identifier is an identifier of a fourth device, and the fourth identifier is used to indicate that the security mechanism is provided by the fourth device.
- the first response may include a third identifier, a first identifier, and a second identifier; wherein the third identifier is an identifier of the first device, and the third identifier is used to indicate that the security mechanism is provided by the first device.
- the name of the third identifier is not limited, and it may be, for example, CCF-A ID.
- the first response is determined based on a first message.
- the name of the first response is not limited, and it may be, for example, a security method response or a security mechanism response.
- the names of information, etc. are not limited to the names described in the embodiments.
- Terms such as “information”, “message”, “signal”, “signaling”, “report”, “configuration”, “indication”, “instruction”, “command”, “channel”, “parameter”, “domain”, “field”, “symbol”, “symbol”, “codebook”, “codeword”, “codepoint”, “bit”, “data”, “program”, and “chip” can be used interchangeably.
- “get,” “obtain,” “receive,” “transmit,” “bidirectional transmission,” and “send and/or receive” can be used interchangeably and can be interpreted as receiving from other entities, obtaining from protocols, obtaining from higher layers, obtaining through self-processing, or autonomous implementation, among other meanings.
- steps S2102, S2103, S2104, and S2105 can be implemented as independent embodiments; the combination of steps S2101, S2102, S2103, S2104, S2105, and S2109 can be implemented as an independent embodiment; the combination of steps S2106 to S2108 can be implemented as an independent embodiment; the combination of steps S2106, S2107, and S2108 can be implemented as an independent embodiment; the combination of steps S2102, S2106, S2107, S2108, and S2109 can be implemented as an independent embodiment; the combination of steps S2101 to S2109 can be implemented as an independent embodiment.
- the fourth device receives a fifth message sent by the third device.
- the second identifier is used to indicate the certified device.
- the first identifier is used by the fourth device to send the fifth response to the third device corresponding to the first identifier.
- the first identifier is used to cause the fourth device to send information related to security information to the third device corresponding to the first identifier when the first device returns such information to the fourth device.
- the first identifier is used by the first device to send a fifth response based on a fifth message to the third device corresponding to the first identifier.
- the third identifier is used by the fourth device to select the first device corresponding to the third identifier to send the fourth message.
- the fifth message includes a third identifier
- the third device sends a fourth message to the first device corresponding to the third identifier based on the third identifier.
- the security information is used for at least one of the following: authenticating and/or protecting the identity of the second device; verifying and/or protecting the relevant authorization information of the second device, including a token associated with the second device; and establishing a Transport Layer Security (TLS) connection between the second device and the first device.
- TLS: Transport Layer Security.
- security information may include at least one of the following: keys and certificates.
- the key is generated by the first device.
- the certificate is the root certificate of the certificate belonging to the first device or the certificate of the second device.
- the name of the fifth message is not limited, and it may be, for example, a security information request, a key request, or a certificate request.
- if the fourth device stores security information, it can send the security information directly to the third device without interacting with the first device. That is, steps S2203 and S2204 described below can be ignored.
- Step S2203: The fourth device sends a fourth message to the first device.
- the first device receives a fourth message sent by the fourth device.
- the fourth message is used to request security information.
- the fourth message may include at least one of the following: a first identifier, a second identifier, and a third identifier.
- the fourth message includes a first identifier, which is used by the fourth device to send information related to security information to the third device corresponding to the first identifier when the first device returns such information to the fourth device.
- the name of the fourth message is not limited, and it may be, for example, a security information request, a key request, or a certificate request.
- Step S2204: The first device sends a fourth response to the fourth device.
- the fourth response includes security information.
- the fourth response may include at least one of the following: a first identifier, a second identifier, and a third identifier.
- the first identifier may further indicate that security information is returned to a third device corresponding to the first identifier.
- the second identifier may further indicate a second device that has authenticated its identity.
- the third identifier may indicate that security information is obtained from a first device corresponding to the third identifier.
- the fourth response is determined based on the fourth message.
- the name of the fourth response is not limited, and it may be, for example, a security information response, a key response, or a certificate response.
- Step S2205: The fourth device sends a fifth response to the third device.
- the fifth response includes security information.
- the fifth response may include at least one of the following: a first identifier, a second identifier, and a third identifier.
- the fifth response may include at least one of the following: a first identifier, a second identifier, and a fourth identifier.
- the fourth identifier may also be used to indicate that security information is to be obtained from the first device corresponding to the fourth identifier.
- the fifth response is determined based on the fifth message.
- the name of the fifth response is not limited; it may be, for example, a security information response, a key response, or a certificate response.
- Step S2206: The third device sends a sixth response to the second device.
- the second device receives a sixth response sent by the third device.
- the sixth response is used to agree to begin the authentication process or to initiate the authentication process.
- the sixth response is used to agree to or initiate the authentication process for the identity of the second device.
- the sixth response may include security information.
- the sixth response may include a security mechanism corresponding to the security information.
- the name of the sixth response is not limited, and it may be, for example, an authentication initiation response or an authentication start response.
- step S2201 can be implemented as an independent embodiment
- step S2202 can be implemented as an independent embodiment
- step S2203 can be implemented as an independent embodiment
- step S2204 can be implemented as an independent embodiment
- step S2205 can be implemented as an independent embodiment
- step S2206 can be implemented as an independent embodiment
- a combination of steps S2201 and S2206 can be implemented as an independent embodiment
- a combination of steps S2202 and S2205 can be implemented as an independent embodiment
- a combination of steps S2203 and S2204 can be implemented as an independent embodiment
- a combination of steps S2201 and S2202 and steps S2205 and S2206 can be implemented as an independent embodiment
- a combination of steps S2201 to S2206 can be implemented as an independent embodiment.
- steps S2201 and S2206 may be optional, and one or more of these steps may be omitted or substituted in different embodiments.
- steps S2201 and S2206, and steps S2203 to S2204 may be optional, and one or more of these steps may be omitted or substituted in different embodiments.
- steps S2203 to S2204 may be optional, and one or more of these steps may be omitted or substituted in different embodiments.
- each embodiment can be implemented individually or in combination with each other, and the steps in each embodiment can be distinguished by their order.
- Figure 3A is a flowchart illustrating an information processing method according to an embodiment of the present disclosure. As shown in Figure 3A, the embodiment of the present disclosure relates to an information processing method executed by a first device, the method comprising:
- Step S3101: Obtain the first message.
- for optional implementations of step S3101, refer to the optional implementations of step S2101 in Figure 2A and the other related parts of the embodiments involving Figure 2A, which are not repeated here.
- the first device receives a first message sent by the second device, but is not limited thereto; it may also receive a first message sent by another entity.
- the first device acquires the first message specified in the protocol.
- the first device obtains the first message from the upper layer(s).
- the first device processes the data to obtain the first message.
- if step S3101 is omitted, the first device autonomously implements the function indicated by the first message, or the above function is a default setting.
- Step S3102: Send the second message.
- for optional implementations of step S3102, refer to the optional implementations of step S2103 in Figure 2A and the other related parts of the embodiments involving Figure 2A, which are not repeated here.
- the first device may send a second message to a fourth device, but is not limited thereto; it may also send a second message to other entities.
- Step S3103: Obtain the second response.
- for optional implementations of step S3103, refer to the optional implementations of step S2104 in Figure 2A and the other related parts of the embodiments involving Figure 2A, which are not repeated here.
- the first device receives a second response sent by the fourth device, but is not limited thereto; it may also receive a second response sent by other entities.
- the first device obtains a second response as specified in the protocol.
- the first device obtains a second response from an upper layer(s).
- the first device processes the data to obtain a second response.
- if step S3101 is omitted, the first device autonomously implements the function indicated by the second response, or the above function is a default setting.
- Step S3104: Determine the security mechanism for interaction between the second device and the third device.
- for optional implementations of step S3104, refer to the optional implementations of step S2105 in Figure 2A and the other related parts of the embodiments involving Figure 2A, which are not repeated here.
- Step S3105: Send the third message.
- for optional implementations of step S3105, refer to the optional implementations of step S2106 in Figure 2A and the other related parts of the embodiments involving Figure 2A, which are not repeated here.
- the first device may send a third message to a fourth device, but is not limited thereto; it may also send a third message to other entities.
- Step S3106: Obtain the third response.
- for optional implementations of step S3106, refer to the optional implementations of step S2108 in Figure 2A and the other related parts of the embodiments involving Figure 2A, which are not repeated here.
- the first device receives a third response sent by the access network device, but is not limited thereto; it may also receive a third response sent by other entities.
- the first device obtains a third response as specified in the protocol.
- the first device obtains a third response from an upper layer(s).
- the first device processes the data to obtain a third response.
- if step S3106 is omitted, the first device autonomously implements the function indicated by the third response, or the above function is a default setting.
- steps S3102 to S3104 are optional, or steps S3105 and S3106 are optional.
- Step S3107: Send the first response.
- for optional implementations of step S3107, refer to the optional implementations of step S2109 in Figure 2A and the other related parts of the embodiments involving Figure 2A, which are not repeated here.
- the first device may send a first response to the second device, but is not limited thereto; it may also send a first response to other entities.
- step S3101 can be implemented as an independent embodiment
- step S3102 can be implemented as an independent embodiment
- step S3103 can be implemented as an independent embodiment
- step S3104 can be implemented as an independent embodiment
- step S3105 can be implemented as an independent embodiment
- step S3106 can be implemented as an independent embodiment
- step S3107 can be implemented as an independent embodiment
- a combination of steps S3101 and S3107 can be implemented as an independent embodiment
- a combination of steps S3102 and S3103 can be implemented as an independent embodiment
- step S3102 and step S3107 can be implemented as an independent embodiment.
- a combination of steps S3103 and S3104 can be implemented as an independent embodiment
- a combination of steps S3101, S3102, S3103, S3104, and S3107 can be implemented as an independent embodiment
- a combination of steps S3105 and S3106 can be implemented as an independent embodiment
- a combination of steps S3101, S3105, S3106, and S3107 can be implemented as an independent embodiment
- a combination of steps S3101 to S3107 can be implemented as an independent embodiment.
- steps S3102 to S3104 may be optional, and one or more of these steps may be omitted or substituted in different embodiments.
- steps S3105 and S3106 may be optional, and one or more of these steps may be omitted or substituted in different embodiments.
- each embodiment can be implemented individually or in combination with each other, and the steps in each embodiment can be distinguished by their order.
- Figure 3B is a flowchart illustrating an information processing method according to an embodiment of the present disclosure. As shown in Figure 3B, the embodiment of the present disclosure relates to an information processing method executed by a first device, the method comprising:
- Step S3201 Receive a first message sent by the second device, wherein the first message includes a first identifier, the first identifier being the identifier of the third device, and the first message is used to request a security mechanism for interaction between the second device and the third device.
- step S3201 can be found in step S2101 in Figure 2A or step S3101 in Figure 3A, as well as other related parts in the embodiments involved in Figures 2A and 3A, which will not be repeated here.
- Step S3202 Send a first response to the second device, wherein the first response is used to indicate the security mechanism for interaction between the second device and the third device.
- step S3202 can be found in step S2109 in Figure 2A or step S3107 in Figure 3A, as well as other related parts in the embodiments involved in Figures 2A and 3A, which will not be repeated here.
- the first message further includes at least one of the following: first information, wherein the first information is used to indicate the security mechanisms supported by the second device; service information, which includes at least one of the following: service API, resources, services, and service operations.
- the method further includes: determining a security mechanism for interaction between the second device and the third device based on at least one of the following: first information; second information, wherein the second information is used to indicate a security mechanism supported by the first device; third information, wherein the third information is used to indicate a security mechanism supported by the third device; and service information.
- the method further includes: sending a second message to the fourth device when it is determined that the third device is discovered by the fourth device or when it is determined that the service information in the first message is discovered by the fourth device, wherein the second message includes a first identifier and is used to request third information; and receiving a second response sent by the fourth device, wherein the second response includes the third information.
- the method further includes: sending a third message to a fourth device, wherein the third message is used to request a security mechanism for interaction between the second device and the third device; and receiving a third response sent by the fourth device, wherein the third response is used to indicate a security mechanism for interaction between the second device and the third device.
- sending a third message to a fourth device includes: if it is determined that the third device is discovered by the fourth device or that the service information in the first message is discovered by the fourth device, sending the third message to the fourth device, wherein the third message includes fourth information; wherein the fourth information is used to indicate: a security mechanism jointly supported by the first device and the second device, or a security mechanism supported by the first device and/or a security mechanism supported by the second device.
- the security mechanism includes at least one of the following: a first security mechanism, wherein the first security mechanism is a TLS-PSK-based mechanism; a second security mechanism, wherein the second security mechanism is a TLS-PKI-based mechanism; a third security mechanism, wherein the third security mechanism is a TLS-based mechanism with an OAuth token; a fourth security mechanism, wherein the fourth security mechanism is a mechanism based on an OAuth client credentials flow; a fifth security mechanism, wherein the fifth security mechanism is a mechanism based on an authorization code flow; and a sixth security mechanism, wherein the sixth security mechanism is a mechanism based on a Proof Key for Code Exchange (PKCE) flow.
- the first device and the second device are in the first domain; the third device and the fourth device are in the second domain.
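The selection step described above (steps S3201 and S3202), as an added example that is not part of the patent text. It assumes the mechanism is chosen from the intersection of the first, second and third information, narrowed by a per-service restriction and ordered by a local preference list; the identifiers, service names and preference order are constructed for illustration.

```python
from enum import Enum


class Mechanism(Enum):
    """The six security mechanisms enumerated in the text."""
    TLS_PSK = 1                    # first: TLS-PSK
    TLS_PKI = 2                    # second: TLS-PKI
    TLS_OAUTH_TOKEN = 3            # third: TLS with an OAuth token
    OAUTH_CLIENT_CREDENTIALS = 4   # fourth: OAuth client credentials flow
    OAUTH_AUTHORIZATION_CODE = 5   # fifth: authorization code flow
    OAUTH_PKCE = 6                 # sixth: PKCE flow


M = Mechanism

# Assumption: local preference order of the first device, most preferred first.
PREFERENCE = [M.TLS_PKI, M.TLS_OAUTH_TOKEN, M.OAUTH_PKCE, M.TLS_PSK,
              M.OAUTH_CLIENT_CREDENTIALS, M.OAUTH_AUTHORIZATION_CODE]


class NegotiationError(Exception):
    """No mechanism satisfies every party and the service restriction."""


def parse_offer(names):
    """Turn a peer-supplied list of names into Mechanism values.

    Unknown names are dropped, so a peer cannot introduce a mechanism
    that is not one of the six.
    """
    return {M[n] for n in names if n in M.__members__}


def select_mechanism(first_info, second_info, third_info, service_allowed=None):
    """Pick one mechanism from the intersection of all inputs, or fail closed."""
    candidates = set(first_info) & set(second_info) & set(third_info)
    if service_allowed is not None:
        candidates &= set(service_allowed)
    for mechanism in PREFERENCE:
        if mechanism in candidates:
            return mechanism
    raise NegotiationError("no security mechanism common to all parties")


def handle_first_message(msg, second_info, third_info_by_id, service_policy):
    """Build the first response for a first message (steps S3201/S3202)."""
    first_id = msg.get("first_identifier")
    # third_info_by_id stands in for the third information obtained from
    # the fourth device (second message / second response).
    third_info = third_info_by_id.get(first_id)
    if third_info is None:
        return {"status": "rejected", "reason": "unknown third device"}
    allowed = None
    api = msg.get("service_api")
    if api is not None:
        allowed = service_policy.get(first_id, {}).get(api)
        if allowed is None:
            return {"status": "rejected", "reason": "service not published"}
    try:
        chosen = select_mechanism(parse_offer(msg.get("first_information", [])),
                                  second_info, third_info, allowed)
    except NegotiationError as exc:
        return {"status": "rejected", "reason": str(exc)}
    return {"status": "ok", "first_identifier": first_id,
            "security_mechanism": chosen.name}


# Constructed sample data (not from the page).
THIRD_ID = "third-dev-B"
SECOND_INFO = {M.TLS_PSK, M.TLS_PKI, M.TLS_OAUTH_TOKEN, M.OAUTH_PKCE}
THIRD_INFO_BY_ID = {THIRD_ID: {M.TLS_PSK, M.TLS_OAUTH_TOKEN}}
SERVICE_POLICY = {THIRD_ID: {"location-api": {M.TLS_OAUTH_TOKEN, M.TLS_PKI},
                             "status-api": {M.TLS_PSK}}}


def demo(first_information, service_api, first_identifier=THIRD_ID):
    """Run one constructed first message through the first device."""
    msg = {"first_identifier": first_identifier,
           "first_information": first_information,
           "service_api": service_api}
    return handle_first_message(msg, SECOND_INFO, THIRD_INFO_BY_ID,
                                SERVICE_POLICY)


if __name__ == "__main__":
    print(demo(["TLS_PSK", "TLS_OAUTH_TOKEN", "NULL_AUTH"], "location-api"))
    print(demo(["TLS_PSK"], "location-api"))
```

A request that shares no mechanism with the third device or the service restriction is rejected rather than downgraded to whatever the caller offered.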
- Figure 3C is a flowchart illustrating an information processing method according to an embodiment of the present disclosure. As shown in Figure 3C, this embodiment of the present disclosure relates to an information processing method executed by a first device, the method comprising:
- Step S3301 Obtain the first message.
- step S3301 can be found in step S2101 in Figure 2A or the optional implementation of step S3101 in Figure 3A, as well as other related parts in the embodiments involved in Figures 2A and 3A, which will not be repeated here.
- Step S3302 Send the second message.
- step S3302 can be found in step S2103 in Figure 2A or step S3102 in Figure 3A, as well as other related parts in the embodiments involved in Figures 2A and 3A, which will not be repeated here.
- Step S3303 Obtain the second response.
- step S3303 can be found in step S2104 in Figure 2A or step S3103 in Figure 3A, as well as other related parts in the embodiments involved in Figures 2A and 3A, which will not be repeated here.
- Step S3304 Determine the security mechanism for interaction between the second device and the third device.
- step S3304 can be found in step S2105 in Figure 2A or step S3104 in Figure 3A, as well as other related parts in the embodiments involved in Figures 2A and 3A, which will not be repeated here.
- Step S3305 Send the first response.
- step S3305 can be found in step S2109 in Figure 2A or step S3107 in Figure 3A, as well as other related parts in the embodiments involved in Figures 2A and 3A, which will not be repeated here.
- Figure 3D is a flowchart illustrating an information processing method according to an embodiment of the present disclosure. As shown in Figure 3D, the embodiment of the present disclosure relates to an information processing method executed by a first device, the method comprising:
- Step S3401 Obtain the fourth message.
- the fourth message includes a second identifier, which is an identifier of the second device; the fourth message is used to request security information; the security information is used for at least one of the following: authenticating and/or protecting the identity of the second device; verifying and/or protecting relevant authorization information of the second device, including a token associated with the second device; and establishing a TLS connection between the second device and the first device.
- step S3401 can be found in the optional implementation of step S2203 in Figure 2B, and other related parts in the embodiments involved in Figure 2B, which will not be repeated here.
- the first device receives a fourth message sent by the second device, but is not limited thereto; it may also receive a fourth message sent by other entities.
- the first device obtains the fourth message specified in the protocol.
- the first device obtains a fourth message from the upper layer(s).
- the first device processes the data to obtain the fourth message.
- step S3401 is omitted, and the first device autonomously implements the function indicated by the fourth message, or the above function is the default.
- Step S3402 Send the fourth response.
- the fourth response may include security information.
- step S3402 can be found in the optional implementation of step S2204 in Figure 2B, and other related parts in the embodiments involved in Figure 2B, which will not be repeated here.
- the first device may send a fourth response to a fourth entity, but is not limited thereto; it may also send a fourth response to other entities.
- step S3401 may be implemented as a standalone embodiment
- step S3402 may be implemented as a standalone embodiment
- a combination of steps S3401 and S3402 may be implemented as a standalone embodiment.
- the fourth message includes a first identifier, which is an identifier of the third device.
- the first identifier is used to send information related to security information from the first device to the fourth device, so that the fourth device sends the information to the third device corresponding to the first identifier.
- the security information includes at least one of the following: a key, wherein the key is generated by a first device; a certificate, wherein the certificate is the root certificate of a certificate belonging to the first device or a certificate of a second device.
- the first device and the second device are in the first domain; the third device and the fourth device are in the second domain.
- each embodiment can be implemented individually or in combination with each other, and the steps in each embodiment can be distinguished by their order.
- Figure 4A is a flowchart illustrating an information processing method according to an embodiment of the present disclosure. As shown in Figure 4A, the embodiment of the present disclosure relates to an information processing method executed by a fourth device, the method comprising:
- Step S4101 Obtain third information.
- step S4101 can be found in the optional implementation of step S2102 in Figure 2A, and other related parts in the embodiments involved in Figure 2A, which will not be repeated here.
- the fourth device receives third information sent by the third device, but is not limited thereto; it may also receive information sent by other entities.
- the fourth device acquires third information as specified in the protocol.
- the fourth device obtains third information from the upper layer(s).
- the fourth device processes the information to obtain the third information.
- step S4101 is omitted, and the fourth device autonomously implements the function indicated by the third information, or the above function is the default.
- the fourth device sends a seventh message to the third device.
- the seventh message is used to request third information.
- Step S4102 Obtain the second message.
- step S4102 can be found in the optional implementation of step S2103 in Figure 2A, and other related parts in the embodiments involved in Figure 2A, which will not be repeated here.
- the fourth device receives a second message sent by the first device, but is not limited thereto; it may also receive a second message sent by other entities.
- the fourth device obtains the second message specified in the protocol.
- the fourth device obtains the second message from the upper layer(s).
- the fourth device processes the data to obtain the second message.
- step S4102 is omitted, and the fourth device autonomously implements the function indicated by the second message, or the above function is the default.
- Step S4103 Send the second response.
- step S4103 can be found in the optional implementation of step S2104 in Figure 2A, and other related parts in the embodiments involved in Figure 2A, which will not be repeated here.
- the fourth device may send a second response to the first device, but is not limited thereto; it may also send a second response to other entities.
- Step S4104 Obtain the third message.
- step S4104 can be found in the optional implementation of step S2106 in Figure 2A, and other related parts in the embodiments involved in Figure 2A, which will not be repeated here.
- the fourth device receives a third message sent by the first device, but is not limited thereto; it may also receive a third message sent by other entities.
- the fourth device obtains a third message as specified in the protocol.
- the fourth device obtains the third message from the upper layer(s).
- the fourth device processes the data to obtain the third message.
- step S4104 is omitted, and the fourth device autonomously implements the function indicated by the third message, or the above function is the default.
- Step S4105 Determine the security mechanism for interaction between the second device and the third device.
- step S4105 can be found in the optional implementation of step S2107 in Figure 2A, and other related parts in the embodiments involved in Figure 2A, which will not be repeated here.
- Step S4106 Send the third response.
- step S4106 can be found in the optional implementation of step S2108 in Figure 2A, and other related parts in the embodiments involved in Figure 2A, which will not be repeated here.
- the fourth device may send a third response to the first device, but is not limited thereto; it may also send a third response to other entities.
- steps S4102 and S4103 are optional, or steps S4104 to S4106 are optional.
- step S4101 can be implemented as an independent embodiment
- step S4102 can be implemented as an independent embodiment
- step S4103 can be implemented as an independent embodiment
- step S4104 can be implemented as an independent embodiment
- step S4105 can be implemented as an independent embodiment
- step S4106 can be implemented as an independent embodiment
- a combination of steps S4102 and S4103 can be implemented as an independent embodiment
- a combination of steps S4101, S4102, and S4103 can be implemented as an independent embodiment
- a combination of steps S4104 and S4106 can be implemented as an independent embodiment
- a combination of steps S4104, S4105, and S4106 can be implemented as an independent embodiment
- a combination of steps S4101 to S4106 can be implemented as an independent embodiment.
- steps S4101, S4104 to S4106 may be optional, and one or more of these steps may be omitted or substituted in different embodiments.
- steps S4101 to S4103 may be optional, and one or more of these steps may be omitted or substituted in different embodiments.
- each embodiment can be implemented individually or in combination with each other, and the steps in each embodiment can be distinguished by their order.
- Figure 4B is a flowchart illustrating an information processing method according to an embodiment of the present disclosure. As shown in Figure 4B, the embodiment of the present disclosure relates to an information processing method executed by a fourth device, the method comprising:
- Step S4201 Receive a third message sent by the first device, wherein the third message includes a first identifier, which is the identifier of the third device, and the third message is used to request a security mechanism for interaction between the second device and the third device.
- step S4201 can be found in step S2106 in Figure 2A or step S4104 in Figure 4A, as well as other related parts in the embodiments involved in Figures 2A and 4A, which will not be repeated here.
- Step S4202 Send a third response to the first device, wherein the third response is used to indicate the security mechanism for interaction between the second device and the third device.
- step S4202 can be found in the optional embodiments of step S2108 in Figure 2A or the optional embodiments of step S4106 in Figure 4A, as well as other related parts in the embodiments involved in Figures 2A and 4A, which will not be repeated here.
- the third message is sent by the first device when it determines that the third device has been discovered by the fourth device, or when it determines that the service information in the first message has been discovered by the fourth device, and the first message is received by the first device from the second device; the third message includes fourth information; wherein the fourth information is used to indicate: a security mechanism jointly supported by the first device and the second device, or a security mechanism supported by the first device and/or a security mechanism supported by the second device.
- the method further includes: determining a security mechanism for interaction between the second device and the third device based on at least one of the following: fourth information; third information, wherein the third information is used to indicate a security mechanism supported by the third device, the third information being obtained from the device; and service information.
- the method further includes: receiving a second message sent by a first device, wherein the second message includes a first identifier and is used to request third information; and sending a second response to the first device, wherein the second response includes the third information.
- the security mechanism includes at least one of the following: a first security mechanism, wherein the first security mechanism is a TLS-PSK-based mechanism; a second security mechanism, wherein the second security mechanism is a TLS-PKI-based mechanism; a third security mechanism, wherein the third security mechanism is a TLS-based mechanism with an OAuth token; a fourth security mechanism, wherein the fourth security mechanism is a mechanism based on an OAuth client credentials flow; a fifth security mechanism, wherein the fifth security mechanism is a mechanism based on an authorization code flow; and a sixth security mechanism, wherein the sixth security mechanism is a mechanism based on a Proof Key for Code Exchange (PKCE) flow.
- the first device and the second device are in the first domain; the third device and the fourth device are in the second domain.
- Figure 4C is a flowchart illustrating an information processing method according to an embodiment of the present disclosure. As shown in Figure 4C, the embodiment of the present disclosure relates to an information processing method executed by a fourth device, the method comprising:
- Step S4301 Obtain third information.
- step S4301 can be found in step S2102 in Figure 2A or step S4101 in Figure 4A, as well as other related parts in the embodiments involved in Figures 2A and 4A, which will not be repeated here.
- Step S4302 Obtain the second message.
- step S4302 can be found in step S2103 in Figure 2A or step S4102 in Figure 4A, as well as other related parts in the embodiments involved in Figures 2A and 4A, which will not be repeated here.
- Step S4303 Send the second response.
- step S4303 can be found in step S2104 in Figure 2A or step S4103 in Figure 4A, as well as other related parts in the embodiments involved in Figures 2A and 4A, which will not be repeated here.
- Figure 4D is a flowchart illustrating an information processing method according to an embodiment of the present disclosure. As shown in Figure 4D, the embodiment of the present disclosure relates to an information processing method executed by a fourth device, the method comprising:
- Step S4401 Obtain the fifth message.
- step S4401 can be found in the optional implementation of step S2202 in Figure 2B, and other related parts in the embodiments involved in Figure 2B, which will not be repeated here.
- the fourth device receives a fifth message sent by the third device, but is not limited thereto; it may also receive a fifth message sent by other entities.
- the fourth device obtains the fifth message specified in the protocol.
- the fourth device obtains the fifth message from the upper layer(s).
- the fourth device processes the data to obtain the fifth message.
- step S4401 is omitted, and the fourth device autonomously implements the function indicated by the fifth message, or the above function is the default.
- Step S4402 Send the fourth message.
- step S4402 can be found in the optional implementation of step S2203 in Figure 2B, and other related parts in the embodiments involved in Figure 2B, which will not be repeated here.
- the fourth device may send a fourth message to the first device, but is not limited thereto; it may also send a fourth message to other entities.
- Step S4403 Obtain the fourth response.
- step S4403 can be found in the optional implementation of step S2204 in Figure 2B, and other related parts in the embodiments involved in Figure 2B, which will not be repeated here.
- the fourth device receives a fourth response sent by the first device, but is not limited thereto; it may also receive a fourth response sent by other entities.
- the fourth device obtains the fourth response specified in the protocol.
- the fourth device obtains a fourth response from the upper layer(s).
- the fourth device performs processing to obtain a fourth response.
- step S4403 is omitted, and the fourth device autonomously implements the function indicated by the fourth response, or the above function is the default.
- Step S4404 Send the fifth response.
- step S4404 can be found in the optional implementation of step S2205 in Figure 2B, and other related parts in the embodiments involved in Figure 2B, which will not be repeated here.
- the fourth device may send a fifth response to the third device, but is not limited thereto; it may also send a fifth response to other entities.
- step S4401 may be implemented as a standalone embodiment
- step S4402 may be implemented as a standalone embodiment
- step S4403 may be implemented as a standalone embodiment
- a combination of steps S4401 and S4404 may be implemented as a standalone embodiment
- a combination of steps S4401 to S4404 may be implemented as a standalone embodiment.
- steps S4402 and S4403 may be optional, and one or more of these steps may be omitted or substituted in different embodiments.
- each embodiment can be implemented individually or in combination with each other, and the steps in each embodiment can be distinguished by their order.
- Figure 4E is a flowchart illustrating an information processing method according to an embodiment of the present disclosure. As shown in Figure 4E, the embodiment of the present disclosure relates to an information processing method executed by a fourth device, the method comprising:
- Step S4501 Receive a fifth message sent by the third device, wherein the fifth message includes a second identifier, which is the identifier of the second device; the fifth message is used to request security information.
- the security information is used for at least one of the following: authenticating and/or protecting the identity of the second device; verifying and/or protecting the relevant authorization information of the second device, including a token associated with the second device; and establishing a TLS connection between the second device and the first device.
- step S4501 can be found in step S2202 in Figure 2B, or optional implementations of step S4401 in Figure 4D, as well as other related parts in the embodiments involved in Figures 2B and 4D, which will not be repeated here.
- Step S4502 Send a fifth response to the third device, wherein the fifth response includes security information.
- step S4502 can be found in step S2205 in Figure 2B, or optional implementations of step S4404 in Figure 4D, as well as other related parts in the embodiments involved in Figures 2B and 4D, which will not be repeated here.
- the fifth message includes at least one of the following: a first identifier, wherein the first identifier is an identifier of a third device, and the first identifier is used by the fourth device to send the fifth response to the third device corresponding to the first identifier; a third identifier, wherein the third identifier is an identifier of the first device.
- the fifth message includes a third identifier
- the method further includes: sending a fourth message to a first device corresponding to the third identifier based on the third identifier; wherein the fourth message includes a second identifier, the second identifier being an identifier of the second device; the fourth message is used to request security information; the security information is used for at least one of the following: authenticating and/or protecting the second device; verifying and/or protecting relevant authorization information of the second device, the relevant authorization information including a token associated with the second device; and establishing a Transport Layer Security (TLS) connection between the second device and the first device; and receiving a fourth response sent by the first device.
- the fourth message includes: a first identifier, which is an identifier of a third device.
- the first identifier is used to send information related to security information from the first device to the fourth device, so that the fourth device sends the information to the third device corresponding to the first identifier.
- the security information includes at least one of the following: a key, wherein the key is generated by a first device; and a certificate, wherein the certificate is the root certificate of a certificate belonging to the first device or a certificate of a second device.
- the first device and the second device are in the first domain; the third device and the fourth device are in the second domain.
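The security-information exchange of Figure 2B (sixth message, fifth message, fourth message and their responses, steps S2201 to S2206), simulated end to end as an added example that is not part of the patent text. It assumes the key is 32 random bytes, that each hop knows the authenticated identity of its sender, and that unknown identifiers are refused; all device identifiers are constructed.

```python
import secrets


class Rejected(Exception):
    """A device refuses to continue the exchange."""


class FirstDevice:
    """First-domain device that generates the security information."""

    def __init__(self, identifier, known_second_ids):
        self.identifier = identifier          # the "third identifier"
        self.known_second_ids = set(known_second_ids)
        self.issued = {}                      # (second id, first id) -> key

    def handle_fourth_message(self, msg):
        second_id = msg["second_identifier"]
        first_id = msg["first_identifier"]
        if second_id not in self.known_second_ids:
            raise Rejected("second device unknown to the first device")
        # Assumption: the key is 32 random bytes bound to this device pair.
        key = secrets.token_bytes(32)
        self.issued[(second_id, first_id)] = key
        return {"second_identifier": second_id, "first_identifier": first_id,
                "security_information": {"key": key}}


class FourthDevice:
    """Second-domain device that relays between third and first device."""

    def __init__(self, first_devices, registered_third_ids):
        self.first_devices = first_devices    # third identifier -> FirstDevice
        self.registered_third_ids = set(registered_third_ids)

    def handle_fifth_message(self, msg, sender_id):
        first_id = msg["first_identifier"]
        # sender_id stands in for the authenticated peer identity (assumption).
        if sender_id not in self.registered_third_ids or sender_id != first_id:
            raise Rejected("fifth message not from the third device it names")
        peer = self.first_devices.get(msg.get("third_identifier"))
        if peer is None:
            raise Rejected("no first device for this third identifier")
        request = {"second_identifier": msg["second_identifier"],
                   "first_identifier": first_id}
        response = peer.handle_fourth_message(request)    # S2203 / S2204
        if any(response[k] != request[k] for k in request):
            raise Rejected("fourth response does not match the request")
        return response                                   # fifth response, S2205


class ThirdDevice:
    """Second-domain device that the second device wants to talk to."""

    def __init__(self, identifier, fourth_device):
        self.identifier = identifier          # the "first identifier"
        self.fourth_device = fourth_device
        self.security_information = {}        # second id -> security information

    def handle_sixth_message(self, msg):
        if msg.get("first_identifier", self.identifier) != self.identifier:
            return {"accepted": False, "reason": "addressed to another device"}
        second_id = msg["second_identifier"]
        fifth = {"second_identifier": second_id,
                 "first_identifier": self.identifier,
                 "third_identifier": msg.get("third_identifier")}
        try:
            fifth_response = self.fourth_device.handle_fifth_message(
                fifth, sender_id=self.identifier)         # S2202
        except Rejected as exc:
            return {"accepted": False, "reason": str(exc)}
        self.security_information[second_id] = fifth_response["security_information"]
        return {"accepted": True}                         # sixth response, S2206


def build_demo():
    """Constructed two-domain topology: one device of each kind."""
    first = FirstDevice("first-dev-A", {"second-dev-1"})
    fourth = FourthDevice({"first-dev-A": first}, {"third-dev-B"})
    third = ThirdDevice("third-dev-B", fourth)
    return first, fourth, third


def sixth_message(second_id, third_identifier="first-dev-A"):
    """Constructed sixth message sent by a second device (S2201)."""
    return {"second_identifier": second_id,
            "third_identifier": third_identifier,
            "first_identifier": "third-dev-B"}


if __name__ == "__main__":
    first, fourth, third = build_demo()
    print(third.handle_sixth_message(sixth_message("second-dev-1")))
    print(third.handle_sixth_message(sixth_message("second-dev-9")))
```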
- Figure 5A is a flowchart illustrating an information processing method according to an embodiment of the present disclosure. As shown in Figure 5A, the embodiment of the present disclosure relates to an information processing method executed by a second device, the method comprising:
- Step S5101 Send a first message to the first device, wherein the first message includes a first identifier, the first identifier being the identifier of the third device, and the first message is used to request a security mechanism for interaction between the second device and the third device.
- step S5101 can be found in the optional implementation of step S2101 in Figure 2A and other related parts in the embodiments involved in Figure 2A, which will not be repeated here.
- Step S5102 Receive a first response sent by the first device, wherein the first response is used to indicate the security mechanism for interaction between the second device and the third device.
- step S5102 can be found in the optional implementation of step S2109 in Figure 2A, and other related parts in the embodiments involved in Figure 2A, which will not be repeated here.
- the first device and the second device are in the first domain; the third device and the fourth device are in the second domain.
- step S5101 may be implemented as a standalone embodiment
- step S5102 may be implemented as a standalone embodiment
- a combination of steps S5101 and S5102 may be implemented as a standalone embodiment.
- each embodiment can be implemented individually or in combination with each other, and the steps in each embodiment can be distinguished by their order.
- Figure 5B is a flowchart illustrating an information processing method according to an embodiment of the present disclosure. As shown in Figure 5B, the embodiment of the present disclosure relates to an information processing method executed by a second device, the method comprising:
- Step S5201 Send a sixth message to the third device, wherein the sixth message includes a second identifier, which is the identifier of the second device, and the sixth message is used to request the start of the authentication process.
- step S5201 can be found in the optional implementation of step S2201 in Figure 2B, and other related parts in the embodiments involved in Figure 2B, which will not be repeated here.
- Step S5202 Receive a sixth response sent by the third device, wherein the sixth response is used to indicate agreement to initiate the authentication process.
- step S5202 can be found in the optional implementation of step S2206 in Figure 2B, and other related parts in the embodiments involved in Figure 2B, which will not be repeated here.
- the sixth message includes at least one of the following: a third identifier, wherein the third identifier is an identifier of the first device; and a first identifier, wherein the first identifier is an identifier of the third device.
- the first device and the second device are in the first domain; the third device and the fourth device are in the second domain.
- Figure 6A is a flowchart illustrating an information processing method according to an embodiment of the present disclosure. As shown in Figure 6A, the embodiment of the present disclosure relates to an information processing method executed by a third device, the method comprising:
- Step S6101 Send third information to the fourth device, wherein the third information is used to indicate the security mechanisms supported by the third device.
- the third information is used by the first device to determine the security mechanism for the interaction between the second and third devices, or the third information is used by the fourth device to determine the security mechanism for the interaction between the second and third devices.
- step S6101 can be found in the optional implementation of step S2102 in Figure 2A, and other related parts in the embodiments involved in Figure 2A, which will not be repeated here.
- sending third information to a fourth device includes sending third information to the fourth device during the process of the third device registering with the fourth device.
- the method further includes: receiving a seventh message sent by a fourth device, wherein the seventh message is used to request third information.
- the first device and the second device are in the first domain; the third device and the fourth device are in the second domain.
- Figure 6B is a flowchart illustrating an information processing method according to an embodiment of the present disclosure. As shown in Figure 6B, the embodiment of the present disclosure relates to an information processing method executed by a third device, the method comprising:
- Step S6201 Obtain the sixth message.
- step S6201 can be found in the optional implementation of step S2201 in Figure 2B, and other related parts in the embodiments involved in Figure 2B, which will not be repeated here.
- the third device receives a sixth message sent by the second device, but is not limited thereto; it may also receive a sixth message sent by other entities.
- the third device obtains the sixth message specified in the protocol.
- the third device obtains the sixth message from the upper layer(s).
- the third device processes the data to obtain the sixth message.
- step S6201 is omitted, and the third device autonomously implements the function indicated by the sixth message, or the above function is the default.
- Step S6202 Send the fifth message.
- step S6202 can be found in the optional implementation of step S2202 in Figure 2B and other related parts in the embodiments involved in Figure 2B, which will not be repeated here.
- the third device may send a fifth message to the fourth device, but is not limited thereto; it may also send a fifth message to other entities.
- Step S6203 Obtain the fifth response.
- step S6203 can be found in the optional implementation of step S2205 in Figure 2B, and other related parts in the embodiments involved in Figure 2B, which will not be repeated here.
- the third device receives a fifth response sent by the fourth device, but is not limited thereto; it may also receive a fifth response sent by other entities.
- the third device obtains the fifth response specified in the protocol.
- the third device obtains the fifth response from the upper layer(s).
- the third device processes the data to obtain a fifth response.
- step S6203 is omitted, the third device autonomously implements the function indicated by the fifth response, or the above function is applied by default.
- Step S6204 Send the sixth response.
- step S6204 can be found in the optional implementation of step S2206 in Figure 2B, and other related parts in the embodiments involved in Figure 2B, which will not be repeated here.
- the third device may send a sixth response to the second device, but is not limited thereto; it may also send a sixth response to other entities.
- step S6201 may be implemented as a standalone embodiment
- step S6202 may be implemented as a standalone embodiment
- step S6203 may be implemented as a standalone embodiment
- step S6204 may be implemented as a standalone embodiment
- a combination of steps S6201 and S6204 may be implemented as a standalone embodiment
- a combination of steps S6201 to S6204 may be implemented as a standalone embodiment.
- steps S6202 and S6203 may be optional, and one or more of these steps may be omitted or substituted in different embodiments.
- each embodiment can be implemented individually or in combination with each other, and the steps in each embodiment can be distinguished by their order.
- Figure 6C is a schematic flowchart illustrating an information processing method according to an embodiment of the present disclosure. As shown in Figure 6C, the embodiments of the present disclosure involve...
- the information processing method is executed by a third device, and the method includes:
- Step S6301 Receive a sixth message sent by the second device, wherein the sixth message includes a second identifier; the second identifier is the identifier of the second device; the sixth message is used to request the start of the authentication process.
- step S6301 can be found in step S2201 in Figure 2B or step S6201 in Figure 6B, as well as other related parts in the embodiments involved in Figures 2B and 6B, which will not be repeated here.
- Step S6302 Send a sixth response to the second device, wherein the sixth response is used to indicate agreement to initiate the authentication process.
- step S6302 can be found in step S2201 in Figure 2B or step S6204 in Figure 6B, as well as other related parts in the embodiments involved in Figures 2B and 6B, which will not be repeated here.
- the sixth message includes at least one of the following: a third identifier, wherein the third identifier is an identifier of the first device; or a first identifier, wherein the first identifier is an identifier of the third device.
- the method includes: sending a fifth message to a fourth device, wherein the fifth message includes a second identifier, the second identifier being an identifier of the second device; the fifth message is used to request security information; the security information is used for at least one of: authenticating and/or protecting the identity of the second device; verifying and/or protecting relevant authorization information of the second device, the relevant authorization information including a token associated with the second device; and establishing a TLS connection between the second device and the first device; and receiving a fifth response sent by the fourth device, wherein the fifth response includes security information.
- the fifth message includes at least one of the following: a first identifier, wherein the first identifier is an identifier of a third device, and the first identifier is used by the fourth device to send the fifth response to the third device corresponding to the first identifier; and a third identifier, wherein the third identifier is an identifier of the first device.
- the security information includes at least one of the following: a key, wherein the key is generated by a first device; a certificate, wherein the certificate is a root certificate belonging to either the first device or the second device.
- the first device and the second device are in the first domain; the third device and the fourth device are in the second domain.
- Figure 7A is an interactive schematic diagram illustrating an information processing method according to an embodiment of the present disclosure. As shown in Figure 7A, this embodiment of the present disclosure relates to an information processing method for an information processing system 100, the method including one of the following steps:
- Step S7101 The second device sends a first message to the first device, wherein the first message includes a first identifier, the first identifier being the identifier of the third device, and the first message is used to request a security mechanism for interaction between the second device and the third device.
- step S7101 can be found in step S2101 of Figure 2A, step S3101 of Figure 3A, step S5101 of Figure 5A, and other related parts in the embodiments involved in Figures 2A, 3A, 4A, and 5A, which will not be repeated here.
- step S7102 the first device sends a first response to the second device, wherein the first response is used to indicate the security mechanism for interaction between the second device and the third device.
- step S7102 can be found in the optional embodiments of step S2109 in Figure 2A, step S3107 in Figure 3A, the optional implementations of step S5102 in Figure 5A, and other related parts in the embodiments involved in Figures 2A, 3A, and 5A, which will not be repeated here.
- the above methods may include the methods of the above-described information processing system side, first device side, second device side, third device side and/or fourth device side, etc., which will not be described again here.
- Figure 7B is an interactive schematic diagram illustrating an information processing method according to an embodiment of the present disclosure. As shown in Figure 7B, this embodiment of the present disclosure relates to an information processing method for an information processing system 100, the method including one of the following steps:
- step S7201 the third device sends a fifth message to the fourth device, wherein the fifth message includes a second identifier, which is the identifier of the second device; the fifth message is used to request security information.
- the security information is used for at least one of the following: authenticating and/or protecting the identity of the second device; verifying and/or protecting the relevant authorization information of the second device, including a token associated with the second device; and establishing a Transport Layer Security (TLS) connection between the second device and the first device.
- step S7201 can be found in step S2202 in Figure 2B, step S4401 in Figure 4D, step S6202 in Figure 6B, step S5101 in Figure 5A, and other related parts in the embodiments involved in Figures 2B, 4D, and 6B, which will not be repeated here.
- step S7202 the fourth device sends a fifth response to the third device, wherein the fifth response includes security information.
- step S7202 can be found in the optional embodiment of step S2205 in Figure 2B, step S4404 in Figure 4D, the optional implementation of step S6203 in Figure 6B, and other related parts in the embodiments involved in Figures 2B, 4D, and 6B, which will not be repeated here.
- the above methods may include the methods of the above-described information processing system side, first device side, second device side, third device side and/or fourth device side, etc., which will not be described again here.
- Figure 8A is a schematic diagram illustrating an overview of a CAPIF interconnection-related authentication mechanism according to an embodiment of this disclosure.
- the CAPIF interconnection-related authentication mechanism may include: Scheme 1, a TLS-PSK-based authentication mechanism in a CCF interconnection scenario; Scheme 2, a TLS-PKI-based authentication mechanism in a CCF interconnection scenario; Scheme 3, negotiating a security mechanism for a CAPIF interconnection scenario; Scheme 3 can be used to support Schemes 1 and 2.
- the resource owner can be a user or a subscriber of the UE, depending on the usage and regulations.
- the resource owner function is responsible for interacting with the resource owner; the resource owner function can be part of a UE, personal computer, etc.
- the resource owner functionality enables at least one of the following functions: resource access authorization, management and revocation of resource access authorization.
- TLS-PSK-based authentication mechanism in CCF interconnection scenarios:
- Figure 8B is a flowchart illustrating an information processing method according to an embodiment of the present disclosure. As shown in Figure 8B, the present disclosure relates to an information processing method, which includes:
- Step S8101 A TLS connection is established between the API caller and the CCF-A.
- the API caller sends service API interface information to CCF-A to derive the key (AEFpsk).
- the key (AEFpsk) is derived by setting the input key of the Key Derivation Function (KDF) to the key of the CAPIF-1e TLS session, and the following parameters are also input to the KDF:
- FC = 0x7A
- P0 = service API interface information
- P0 is the interface information of CAPIF-1e
- CAPIF-1e is the interface between the API caller and CCF-A
- P1 = CAPIF-1e TLS session ID, generated as part of the TLS full handshake
- L1 = length of the CAPIF-1e TLS session ID.
- the key (AEFpsk) is the key from the previous embodiment.
- Step S8102 The API caller and CCF-A derive the key (AEFpsk).
- Step S8103 The API caller sends an Authentication Initiation Request protected by the key (AEFpsk) to the AEF.
- the authentication initiation request includes an API Invoker ID and a CCF-A ID.
- the API Invoker ID is the second identifier in the previous embodiment; the CCF-A ID is the third identifier in the previous embodiment.
- the authentication initiation request can be the sixth message in the previous embodiment.
- step S8104A AEF sends a security information request to CCF-B to request security information.
- after receiving the authentication initiation request, if the AEF does not have a valid key, it requests security information from CCF-B.
- the security information request in step S8104A is the fifth message in the previous embodiment.
- step S8104B CCF-B sends a security information request to CCF-A to request security information.
- after receiving the security information request, CCF-B sends the security information request to the CCF-A corresponding to the CCF-A ID in the security information request.
- the security information request in step S8104B is the fourth message in the previous embodiment.
- step S8104C CCF-A sends a security information response to CCF-B.
- CCF-A sends a security information response to CCF-B, the security information response including security information and AEF ID; the security information may also include CCF-A ID and/or API Invoker ID.
- the security information response in step S8304C can be the fourth response in the previous embodiments.
- step S8104D CCF-B sends a security information response to AEF.
- CCF-B sends the security information response to the AEF corresponding to the AEF ID based on the AEF ID in the security information response.
- the security information response in step S8304D can be the fifth response in the previous embodiment.
- step S8105 AEF sends an Authentication Initiation Response to the API caller.
- after obtaining security information for authentication (e.g., AEFpsk), AEF sends an authentication initiation response to the API caller to initiate TLS session establishment, etc.
- the authentication initiation response can be the sixth response in the previous embodiment.
- Step S8106 The API caller and AEF use the key (AEFpsk) to perform mutual authentication and establish a TLS session.
- Step S8107 The API caller sends an API invocation request to the AEF.
- the API call request includes the CCF-A ID.
- step S8108A AEF sends an authorization request to CCF-B.
- AEF sends an authorization request to CCF-B to request authorization for the API caller's call request; the API caller has been certified by CCF-A.
- step S8108B CCF-B sends an Authorization response to AEF.
- CCF-B sends an authorization response to AEF to authorize API call requests from API callers certified by CCF-A.
- step S8109 AEF sends an API invocation response to the API caller.
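The AEFpsk derivation and key relay of Figure 8B, as an added example that is not part of the patent text. It assumes the generic 3GPP-style KDF construction (HMAC-SHA-256 over S = FC || P0 || L0 || P1 || L1 with two-octet lengths), which the page does not state; the class names, identifiers and sample values are hypothetical.

```python
import hashlib
import hmac

FC_AEF_PSK = 0x7A  # FC value listed on the page


def _param(value: bytes) -> bytes:
    """Pi || Li, with Li a two-octet big-endian length (assumed encoding)."""
    if not value or len(value) > 0xFFFF:
        raise ValueError("KDF parameter must be 1..65535 octets")
    return value + len(value).to_bytes(2, "big")


def kdf_input(interface_info: str, tls_session_id: bytes) -> bytes:
    """S = FC || P0 || L0 || P1 || L1, using the page's P0 and P1."""
    return (bytes([FC_AEF_PSK])
            + _param(interface_info.encode("utf-8"))
            + _param(tls_session_id))


def derive_aef_psk(session_key: bytes, interface_info: str,
                   tls_session_id: bytes) -> bytes:
    """AEFpsk = HMAC-SHA-256(CAPIF-1e TLS session key, S) (assumed KDF)."""
    if len(session_key) < 16:
        raise ValueError("session key too short")
    s = kdf_input(interface_info, tls_session_id)
    return hmac.new(session_key, s, hashlib.sha256).digest()


class CcfA:
    """Domain A CCF: derives AEFpsk (S8102) and answers S8104B with S8104C."""

    def __init__(self, ccf_a_id: str):
        self.ccf_a_id = ccf_a_id
        self._keys = {}  # (API Invoker ID, AEF ID) -> AEFpsk

    def derive_for(self, invoker_id, aef_id, session_key,
                   interface_info, tls_session_id) -> bytes:
        # Assumption: CCF-A knows which AEF the interface information belongs to.
        key = derive_aef_psk(session_key, interface_info, tls_session_id)
        self._keys[(invoker_id, aef_id)] = key
        return key

    def security_info(self, invoker_id: str, aef_id: str) -> dict:
        key = self._keys.get((invoker_id, aef_id))
        if key is None:
            raise LookupError("no AEFpsk for this API invoker and AEF")
        return {"aef_id": aef_id, "ccf_a_id": self.ccf_a_id,
                "api_invoker_id": invoker_id, "key": key}


class CcfB:
    """Domain B CCF: routes by CCF-A ID (S8104B) and by AEF ID (S8104D)."""

    def __init__(self, peers: dict):
        self._peers = peers  # CCF-A ID -> CcfA object of an interconnect peer

    def security_info_request(self, aef_id, invoker_id, ccf_a_id) -> dict:
        peer = self._peers.get(ccf_a_id)
        if peer is None:
            raise LookupError("CCF-A ID is not a known interconnect peer")
        response = peer.security_info(invoker_id, aef_id)
        if response["aef_id"] != aef_id:
            raise ValueError("response is addressed to a different AEF")
        return response


class Aef:
    """AEF: asks CCF-B only when it holds no key for the caller (S8104A)."""

    def __init__(self, aef_id: str, ccf_b: CcfB):
        self.aef_id, self._ccf_b, self._cache = aef_id, ccf_b, {}

    def on_auth_initiation(self, invoker_id: str, ccf_a_id: str) -> bytes:
        slot = (invoker_id, ccf_a_id)
        if slot not in self._cache:  # key expiry is not modelled here
            info = self._ccf_b.security_info_request(
                self.aef_id, invoker_id, ccf_a_id)
            self._cache[slot] = info["key"]
        return self._cache[slot]  # PSK for the TLS session of S8106
```

Because P1 is the CAPIF-1e TLS session ID, a new full handshake with CCF-A yields a different AEFpsk, and an AEF that receives an unknown CCF-A ID gets an error rather than a key.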
- Figure 8C is a flowchart illustrating an information processing method according to an embodiment of the present disclosure. As shown in Figure 8C, the present disclosure relates to an information processing method, which includes:
- step S8201 the API caller sends an authentication start request to AEF.
- the authentication initiation request includes an API Invoker ID and a CCF-A ID.
- the API Invoker ID is the second identifier in the previous embodiment; the CCF-A ID is the third identifier in the previous embodiment.
- the authentication initiation request can be the sixth message in the previous embodiment.
- API callers authenticate with AEF by establishing a TLS session with AEF using authentication and authorization methods (i.e., server-side certificate authentication or certificate-based mutual authentication), as instructed by the CCF-A onboarding the API caller.
- step S8202A AEF sends a security information request to CCF-B to request security information.
- the security information includes the API Invoker ID and the CCF-A ID.
- the API Invoker ID is the second identifier in the previous embodiment; the CCF-A ID is the third identifier in the previous embodiment.
- the security information request in step S8202A is the fifth message in the previous embodiment.
- CCF-A is the CCF with which the API caller has onboarded.
- step S8202B CCF-B sends a security information request to CCF-A to request security information.
- CCF-B instructs AEF, based on the received CCF-A ID, not to use CCF-B's certificate to verify the API caller's certificate, but instead to obtain security information from CCF-A to perform authentication and secure connection establishment with the API caller.
- CCF-B sends a security information request to CCF-A as indicated by the CCF-A ID.
- step S8202C CCF-A sends a security information response to CCF-B.
- CCF-A sends a security information response to CCF-B.
- the security information response includes security information (e.g., CCF-A's certificate) and AEF ID; the security information may also include CCF-A ID and/or API Invoker ID.
- the security information response in step S8304C can be the fourth response in the previous embodiments.
- step S8202D CCF-B sends a security information response to AEF.
- CCF-B sends the security information response to the AEF corresponding to the AEF ID based on the AEF ID in the security information response.
- CCF-B can send the security response to the AEF via the CAPIF-3 interface.
- the security information response in step S8304D can be the fifth response in the previous embodiment.
- the security information may be security information related to the security mechanism (such as TLS with OAuth tokens) that the AEF uses to interact with the API caller.
- based on the trusted business relationship between CCF-A and CCF-B, CCF-A returns the root CA certificate (e.g., the CCF-A certificate) of the API caller to AEF through CCF-B for the purpose of verifying the API caller's certificate.
- CCF-A returns its root certificate to AEF via CCF-B to verify the certificate of the API caller.
- CCF-B may have already obtained the CCF-A certificate due to the business relationship between domain A and domain B before AEF requests authentication from the API caller.
- CCF-B can then send the stored CCF-A certificate directly to AEF without contacting CCF-A in step S8202B; that is, steps S8202B and S8202C can be omitted.
- AEF can use the CCF-A certificate to authenticate the identity of the API caller and send an authentication initiation response message to the API caller to initiate the TLS session establishment process.
- step S8203 AEF sends an Authentication Initiation Response to the API caller.
- AEF sends an authentication initiation response to the API caller to initiate TLS session establishment, etc.
- the authentication initiation response can be the sixth response in the previous embodiment.
- step S8204 the API caller and AEF use certificates to perform mutual authentication and establish a TLS session.
- Step S8205 The API caller sends an API invocation request to the AEF.
- the API call request includes the CCF-A ID.
- step S8206A AEF sends an authorization request to CCF-B.
- AEF sends an authorization request to CCF-B to request authorization for the API caller's call request; the API caller has been certified by CCF-A.
- step S8206B CCF-B sends an authorization request to CCF-A.
- step S8206C CCF-A sends an authorization response to CCF-B.
- CCF-A sends an authorization response to CCF-B to authorize API call requests from API callers certified by CCF-A.
- step S8206D CCF-B sends an authorization response to AEF.
- CCF-B sends an authorization response to AEF to authorize API call requests from API callers certified by CCF-A.
- step S8207 AEF sends an API invocation response to the API caller.
- the API caller and the CCF should negotiate the security methods (i.e., security mechanisms) used by the API caller and AEF for authentication and/or protection.
- the CCF should select a security mechanism based on the API service subscribed to by the API caller, the access scenario (whether the API caller accesses the AEF before or during the service API call), and the AEF capabilities.
- the CCF should then send the selected security mechanism, along with the information required for authentication of the API caller on the AEF, to the API caller. This information may include the validity period of the CAPIF-2e (the interface between the API caller and the AEF) credentials.
- the CCF may include CCF-A and CCF-B; the API caller may be in the same domain as CCF-A; CCF-A determines the security mechanism for the interaction between the API caller and AEF and sends the security mechanism to the API caller; or, CCF-B determines the security mechanism for the interaction between the API caller and AEF and sends the security mechanism to CCF-A, which then forwards the security mechanism to the API caller.
- API callers must have onboarded with CCF-A.
- Figure 8D is a flowchart illustrating an information processing method according to an embodiment of the present disclosure. As shown in Figure 8D, the present disclosure relates to an information processing method, which includes:
- step S8301 AEF configures the supported security mechanisms to CCF-B.
- AEF sends a security mechanism it supports to CCF-B, or CCF-B requests AEF to provide a security mechanism it supports.
- the security mechanism AEF sends to CCF-B can be the third information sent in the previous embodiments; the security mechanism CCF-B requests from AEF can be the seventh information sent to AEF in the previous embodiments.
- the security mechanism may include at least one of the following: TLS-PSK, TLS-PKI, TLS with OAuth token, OAuth client credential flow, authorization code flow, and Proof Key for Code Exchange (PKCE) flow.
- Step S8302 Establish a TLS connection between the API caller and CCF-A.
- the API caller and CCF-A establish mutual authentication based on client and server certificates using TLS.
- step S8303 the API caller sends a Security Method Request to CCF-A.
- the security method request is used to request a security mechanism for the interaction between the API caller and the AEF; the security method request includes information about the AEF (e.g., address information) and/or security mechanisms supported by the API caller.
- the security method request can be the first message in the previous embodiments, and the security mechanisms supported by the API caller can be the first information in the previous embodiments.
- the first information can also be replaced with CAPIF-2/CAPIF-2e security capability information, which indicates to the API caller a list of security mechanisms supported for each AEF on the CAPIF-2/CAPIF-2e interface.
- security mechanisms may include at least one of the following: TLS-PSK, TLS-PKI, TLS with OAuth token, OAuth client credential flow, authorization code flow, and PKCE flow, etc.
- Step S8304A CCF-B selects the security mechanism.
- CCF-A sends a common security mechanism supported by both CCF-A and the API caller to CCF-B, or CCF-A sends a complete set of security mechanisms supported by CCF-A and a complete set of security mechanisms supported by the API caller to CCF-B.
- the common security mechanism can be a security mechanism jointly supported in the previous embodiment
- the complete set of security mechanisms supported by CCF-A can be a security mechanism supported by the first device in the previous embodiment
- the complete set of security mechanisms supported by the API caller can be a security mechanism supported by the second device in the previous embodiment.
- AEF can be the target AEF.
- if CCF-A finds that the AEF was discovered through CCF-B, CCF-A sends to CCF-B a common security mechanism supported by both CCF-A and the API caller, or CCF-A sends to CCF-B a full set of security mechanisms supported by CCF-A and a full set of security mechanisms supported by the API caller.
- if CCF-A finds that AEF-related service information (e.g., service API) was discovered through CCF-B, then CCF-A sends to CCF-B a common security mechanism supported by both CCF-A and the API caller, or CCF-A sends to CCF-B a full set of security mechanisms supported by CCF-A and a full set of security mechanisms supported by the API caller.
- CCF-B should select the security mechanism used on the CAPIF-2/CAPIF-2e interface for each requested AEF, while taking into account the information from CCF-A, the access scenario, and AEF capabilities mentioned in step S8303.
- the CCF-A information refers to the security mechanisms supported by CCF-A (i.e., the second information in the previous embodiment);
- AEF capabilities refer to the security mechanisms supported by AEF (i.e., the third information in the previous embodiment);
- the access scenario refers to whether the API caller accesses the AEF before or after the API service call.
- CCF-B should send a security method response to CCF-A, the security method response indicating the security mechanism selected for each AEF and the security information related to the security mechanisms.
- Step S8304B CCF-A selects a security mechanism.
- if CCF-A finds that the AEF was discovered through CCF-B, CCF-A sends the AEF ID to CCF-B.
- the AEF ID is used to request CCF-B to provide a security method supported by AEF (i.e., to provide the third information in the previous embodiments).
- if CCF-A finds that AEF-related service information (e.g., service API) was discovered through CCF-B, then CCF-A sends the AEF ID to CCF-B.
- AEF ID is used to request CCF-B to provide AEF-supported security methods (i.e., to provide the third information in the previous embodiments).
- CCF-A sends the AEF ID to CCF-B.
- the AEF ID is used to request CCF-B to provide a security method supported by AEF (i.e., to provide the third information in the previous embodiment).
- CCF-A should select the security mechanism to be used on the CAPIF-2/CAPIF-2e interface for each request's AEF, taking into account the information from the API caller in step S8303, the security mechanisms supported by CCF-A, the access scenario, and AEF capabilities.
- step S8305 CCF-A sends a Security Method Response to the API caller.
- the security method response is used to indicate the security mechanism selected for each AEF and the security information associated with the security mechanism (i.e., the negotiated security mechanism for interaction between the API caller and the AEF).
- the security method response is used to indicate the security mechanisms for API callers and AEF interactions.
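The selection logic of steps S8301 to S8305, covering both the CCF-B-selects and CCF-A-selects variants, as an added example that is not part of the patent text. The page does not say how the access scenario or a preference order affects the choice, so `SAMPLE_POLICY`, `SAMPLE_PREFERENCE`, the scenario names and all class and function names are hypothetical; the point shown is that selection is per AEF and fails closed when the parties share no mechanism.

```python
KNOWN_MECHANISMS = (
    "TLS-PSK", "TLS-PKI", "TLS with OAuth token",
    "OAuth client credential flow", "authorization code flow", "PKCE flow",
)  # the mechanisms listed on the page

# Constructed operator policy: mechanisms allowed per access scenario.
SAMPLE_POLICY = {
    "before_invocation": KNOWN_MECHANISMS,
    "during_invocation": ("TLS-PKI", "TLS with OAuth token"),
}
# Constructed preference order, strongest preferred first by assumption.
SAMPLE_PREFERENCE = ("TLS-PKI", "TLS with OAuth token", "TLS-PSK",
                     "OAuth client credential flow",
                     "authorization code flow", "PKCE flow")


class NegotiationError(Exception):
    """Raised instead of falling back to a mechanism a party did not offer."""


def checked(offered) -> frozenset:
    """Reject mechanism names that are not in the known list."""
    unknown = set(offered) - set(KNOWN_MECHANISMS)
    if unknown:
        raise NegotiationError(f"unknown mechanism(s): {sorted(unknown)}")
    return frozenset(offered)


def allowed_for(policy: dict, scenario: str) -> frozenset:
    if scenario not in policy:
        raise NegotiationError(f"unknown access scenario: {scenario}")
    return checked(policy[scenario])


def pick(invoker, ccf_a, aef, allowed, preference) -> str:
    """Intersect every party's list with the policy, then apply preference."""
    usable = checked(invoker) & checked(ccf_a) & checked(aef) & allowed
    for mechanism in preference:
        if mechanism in usable:
            return mechanism
    raise NegotiationError("no common security mechanism")


class CcfB:
    def __init__(self, policy: dict, preference):
        self._policy, self._preference, self._aef_caps = policy, preference, {}

    def register_aef(self, aef_id: str, mechanisms) -> None:
        """S8301: the AEF reports its supported mechanisms (third information)."""
        self._aef_caps[aef_id] = checked(mechanisms)

    def aef_capabilities(self, aef_id: str) -> frozenset:
        """S8304B: CCF-A sends an AEF ID and receives the AEF's mechanisms."""
        if aef_id not in self._aef_caps:
            raise NegotiationError(f"AEF {aef_id} has not registered")
        return self._aef_caps[aef_id]

    def select(self, aef_ids, scenario, invoker, ccf_a) -> dict:
        """S8304A: CCF-B selects one mechanism for each requested AEF."""
        allowed = allowed_for(self._policy, scenario)
        return {a: pick(invoker, ccf_a, self.aef_capabilities(a),
                        allowed, self._preference) for a in aef_ids}


class CcfA:
    def __init__(self, supported, ccf_b: CcfB, policy: dict, preference):
        self._supported = checked(supported)
        self._ccf_b, self._policy, self._preference = ccf_b, policy, preference

    def delegate(self, aef_ids, scenario, invoker, send_common=True) -> dict:
        """S8304A: send either the common set or both full sets to CCF-B."""
        if send_common:
            common = checked(invoker) & self._supported
            return self._ccf_b.select(aef_ids, scenario, common, common)
        return self._ccf_b.select(aef_ids, scenario, invoker, self._supported)

    def select(self, aef_ids, scenario, invoker) -> dict:
        """S8304B: fetch AEF capabilities by AEF ID, then select locally."""
        allowed = allowed_for(self._policy, scenario)
        return {a: pick(invoker, self._supported,
                        self._ccf_b.aef_capabilities(a),
                        allowed, self._preference) for a in aef_ids}
```

The returned mapping is what the security method response of S8305 would carry: one selected mechanism per AEF ID.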
- This disclosure relates to an information processing method, which includes:
- CCF-A should be able to provide CCF-B with AEF ID and security information.
- if CCF-A discovers that the target AEF is also discovered by CCF-B, then CCF-A should be able to send a common security mechanism supported by both CCF-A and the API caller to CCF-B.
- CCF-A should be able to send the full set of security mechanisms supported by CCF-A and the full set of security mechanisms supported by the API caller to CCF-B.
- if CCF-A discovers that the target AEF has been discovered by CCF-B, then CCF-A sends the AEF ID to CCF-B.
- the AEF ID is used to request CCF-B to provide the security mechanisms supported by the AEF.
- CCF-A should be able to select the security mechanism to be used on the CAPIF-2/ interface for each request's AEF, while taking into account information from the API caller, the security mechanisms supported by CCF-A, the access scenario, and AEF capabilities.
- CCF-B should be able to receive the AEF ID, API Invoker ID, and CCF-A ID from the AEF.
- CCF-B should be able to request security information from an identified CCF-A.
- CCF-B should be able to receive supported security mechanisms.
- these security mechanisms include at least one of the following: TLS-PSK, TLS-PKI, TLS with OAuth token, OAuth client credential flow, authorization code flow, and PKCE flow, etc.
- CCF-B should be able to select the security mechanism to be used on the CAPIF-2/CAPIF-2e interface for each request's AEF, while also considering CCF-A's information, access scenarios, and AEF capabilities.
- CCF-B should be able to send a security method response to CCF-A, the security method response indicating the security mechanism selected for each AEF and any security information associated with the security mechanism.
- in order to request security information, CCF-B should be able to send the API caller Invoker to the CCF identified by the CCF-A ID.
- CCF-B should be able to send the security information provided by CCF-A to AEF.
- the API caller should be able to send an API call request to the AEF, which includes the CCF-A ID.
- AEF should be able to receive CCF-A IDs from API callers.
- AEF should be able to send a security information request to CCF-B, which includes AEF ID, API Invoker ID, and CCF-A ID.
- AEF should be able to send supported security mechanisms to CCF-B.
- these security mechanisms include TLS-PSK, TLS-PKI, TLS with OAuth tokens, OAuth client credential flows, authorization code flows, PKCE flows, etc.
- upon receiving a CCF-A ID, the AEF should be able to request security information from the CCF-A via the CCF-B to perform authentication and secure connection establishment with the API caller.
- This disclosure also provides an apparatus for implementing any of the above methods.
- an apparatus is provided that includes units or modules for implementing the steps performed by the terminal in any of the above methods.
- another apparatus is provided that includes units or modules for implementing the steps performed by a network device (e.g., an access network device, a core network functional node, a core network device, etc.) in any of the above methods.
- the division of units or modules in the above device is only a logical functional division. In actual implementation, they can be fully or partially integrated into a single physical entity, or they can be physically separated.
- the units or modules in the device can be implemented by a processor calling software: for example, the device includes a processor connected to a memory containing instructions. The processor calls the instructions stored in the memory to implement any of the above methods or to implement the functions of the units or modules in the above device.
- the processor can be, for example, a general-purpose processor, such as a Central Processing Unit (CPU) or a microprocessor, and the memory can be internal or external to the device.
- the units or modules in the device can be implemented in the form of hardware circuits.
- the functionality of some or all of the units or modules can be achieved through the design of these hardware circuits, which can be understood as one or more processors.
- the hardware circuit is an Application-Specific Integrated Circuit (ASIC), and the functionality of some or all of the units or modules is achieved through the design of the logical relationships between the components within the circuit.
- the hardware circuit can be implemented using a Programmable Logic Device (PLD), such as a Field-Programmable Gate Array (FPGA), which can include a large number of logic gates.
- All units or modules of the above device can be implemented entirely through processor-called software, entirely through hardware circuits, or partially through processor-called software with the remaining parts implemented through hardware circuits.
- the processor is a circuit with signal processing capabilities.
- the processor can be a circuit with instruction read and execute capabilities, such as a Central Processing Unit (CPU), a microprocessor, a graphics processing unit (GPU) (which can be understood as a microprocessor), or a Digital Signal Processor (DSP).
- the processor can implement certain functions through the logical relationships of hardware circuits. The logical relationships of the aforementioned hardware circuits are fixed or reconfigurable.
- the processor is a hardware circuit implemented using an Application-Specific Integrated Circuit (ASIC) or a Programmable Logic Device (PLD), such as an FPGA.
- the process of the processor loading a configuration document and configuring the hardware circuit can be understood as the process of the processor loading instructions to implement the functions of some or all of the above units or modules.
- it can also be hardware circuits designed for artificial intelligence, which can be understood as ASICs, such as Neural Network Processing Unit (NPU), Tensor Processing Unit (TPU), Deep Learning Processing Unit (DPU), etc.
- Figure 9A is a schematic diagram of the structure of a first device 9100 provided in an embodiment of this disclosure.
- the first device 9100 includes a first transceiver module 9101 and a first processing module 9102.
- the first transceiver module 9101 is used to receive a first message and/or receive a fourth message.
- the first transceiver module 9101 is used to perform at least one of the sending and/or receiving steps performed by the first device 9100 in any of the above methods, which will not be elaborated here.
- the first processing module 9102 is used to determine a security mechanism for interaction between the second device and the third device.
- the first processing module 9102 performs at least one of the processing steps performed by the first device 9100 in any of the above methods, which will not be elaborated here.
- Figure 9B is a schematic diagram of the structure of the fourth device 9200 provided in an embodiment of this disclosure.
- the fourth device 9200 includes a second transceiver module 9201 and a second processing module 9202.
- the second transceiver module 9201 is used to send a second response message and/or receive a fifth message.
- the second transceiver module 9201 is used to perform at least one of the sending and/or receiving steps performed by the fourth device 9200 in any of the above methods, which will not be described in detail here.
- the second processing module 9202 is used to determine a security mechanism for interaction between the second device and the third device.
- the second processing module 9202 performs at least one of the processing steps of the fourth device 9200 in any of the above methods, which will not be described in detail here.
- Figure 9C is a schematic diagram of the structure of the second device 9300 provided in an embodiment of this disclosure.
- the second device 9300 includes a third transceiver module 9301.
- the third transceiver module 9301 is used to send a first message and/or send a sixth message.
- the third transceiver module 9301 is used to perform at least one of the sending and/or receiving steps performed by the second device 9300 in any of the above methods, which will not be described in detail here.
- Figure 9D is a schematic diagram of the structure of the third device 9400 provided in an embodiment of this disclosure.
- the third device 9400 includes a fourth transceiver module 9401.
- the fourth transceiver module 9401 is used to receive a seventh message and/or send a fifth message.
- the fourth transceiver module 9401 is used to perform at least one of the sending and/or receiving steps performed by the third device 9400 in any of the above methods, which will not be described in detail here.
- the transceiver module may include a transmitting module and/or a receiving module, which may be separate or integrated.
- the transceiver module may be interchangeable with a transceiver.
- the first transceiver module described above includes a first transmitting module and/or a first receiving module.
- the second transceiver module described above includes a second transmitting module and/or a second receiving module.
- the processing module may be a single module or may include multiple sub-modules.
- the multiple sub-modules may each perform all or part of the steps required by the processing module.
- the processing module may be interchangeable with a processor.
- Figure 10A is a schematic diagram of the structure of the communication device 10100 proposed in an embodiment of this disclosure.
- the communication device 10100 can be a network device (e.g., access network device, core network device, etc.), a terminal, a chip, chip system, or processor that supports the network device in implementing any of the above methods, or a chip, chip system, or processor that supports the terminal in implementing any of the above methods.
- the communication device 10100 can be used to implement the methods described in the above method embodiments; for details, please refer to the descriptions in the above method embodiments.
- the communication device 10100 includes one or more processors 10101.
- the processor 10101 can be a general-purpose processor or a dedicated processor, such as a baseband processor or a central processing unit (CPU).
- the baseband processor can be used to process communication protocols and communication data, while the CPU can be used to control communication devices (e.g., base stations, baseband chips, terminal devices, terminal device chips, DUs or CUs, etc.), execute programs, and process program data.
- the communication device 10100 can be used to execute any of the above methods.
- one or more processors 10101 can be used to invoke instructions to cause the communication device 10100 to execute any of the above methods.
- the communication device 10100 further includes one or more transceivers 10102.
- the transceiver 10102 performs at least one of the communication steps such as sending and/or receiving in the above method (e.g., at least one of steps S2101 to S2104, S2106, S2108, S2109, S2201 to S2206, etc., but not limited thereto), and the processor 10101 performs at least one of other steps (e.g., steps S2105 and/or S2107, etc., but not limited thereto).
- the transceiver may include a receiver and/or a transmitter, which may be separate or integrated together.
- terms such as transceiver, transceiver unit, transceiver circuit, interface circuit, and interface can be used interchangeably.
- terms such as transmitter, transmitting unit, and transmitting circuit can be used interchangeably.
- terms such as receiver, receiving unit, and receiving circuit can be used interchangeably.
- the communication device 10100 further includes one or more memories 10103 for storing data.
- the memories 10103 may be located outside the communication device 10100.
- the communication device 10100 may include one or more interface circuits 10104.
- the interface circuits 10104 are connected to the memories 10103 and can be used to receive data from the memories 10103 or other devices, and to send data to the memories 10103 or other devices.
- the interface circuits 10104 can read data stored in the memories 10103 and send the data to the processor 10101.
- the communication device 10100 described in the above embodiments may be a network device or a terminal, but the scope of the communication device 10100 described in this disclosure is not limited thereto, and the structure of the communication device 10100 may not be limited by Figure 10A.
- the communication device may be a standalone device or may be part of a larger device.
- the communication device may be: (1) a standalone integrated circuit (IC), chip, or chip system or subsystem; (2) a collection of one or more ICs, where the IC collection may optionally also include storage components for storing data and programs; (3) an ASIC, such as a modem; (4) a module that can be embedded in other devices; (5) a receiver, terminal device, smart terminal device, cellular phone, wireless device, handheld device, mobile unit, vehicle device, network device, cloud device, artificial intelligence device, etc.; (6) others, etc.
- Figure 10B is a schematic diagram of the structure of chip 10200 according to an embodiment of this disclosure.
- the communication device 10100 can be a chip or a chip system; see the schematic diagram of chip 10200 shown in Figure 10B, but it is not limited thereto.
- Chip 10200 includes one or more processors 10201. Chip 10200 is used to perform any of the above methods.
- chip 10200 further includes one or more interface circuits 10202.
- interface circuits 10202 include one or more memories 10203 for storing data.
- all or part of the memories 10203 may be located outside of chip 10200.
- interface circuit 10202 is connected to memory 10203, and interface circuit 10202 can be used to receive data from memory 10203 or other devices, and interface circuit 10202 can be used to send data to memory 10203 or other devices.
- interface circuit 10202 can read data stored in memory 10203 and send the data to processor 10201.
- the interface circuit 10202 performs at least one of the communication steps such as sending and/or receiving in the above-described method (e.g., at least one of steps S2101 to S2104, S2106, S2108, S2109, S2201 to S2206, etc., but not limited thereto).
- the interface circuit 10202 performing the communication steps such as sending and/or receiving in the above-described method refers, for example, to the interface circuit 10202 performing data interaction between the processor 10201, the chip 10200, the memory 10203, or the transceiver device.
- the processor 10201 performs at least one of other steps (e.g., steps S2105 and/or S2107, etc., but not limited thereto).
- modules and/or devices described in the various embodiments can be combined or separated arbitrarily as needed.
- some or all steps can also be performed collaboratively by multiple modules and/or devices, which is not limited here.
- the storage medium is an electronic storage medium.
- the storage medium is a computer-readable storage medium, but not limited thereto; it may also be a storage medium readable by other devices.
- the storage medium may be a non-electronic storage medium.
- the storage medium is a non-transitory storage medium, but is not limited thereto; it may also be a transitory storage medium.
- This disclosure also provides a program product that, when executed by the communication device 10100, causes the communication device 10100 to perform any of the above methods.
- the program product is a computer program product.
- This disclosure also proposes a computer program that, when run on a computer, causes the computer to perform any of the above methods.
Landscapes
- Engineering & Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Mobile Radio Communication Systems (AREA)
Abstract
Embodiments of the present invention relate to an information processing method, a device, a communication system and a storage medium. The information processing method is executed by a first device and comprises: receiving a first message sent by a second device, wherein the first message includes a first identifier, the first identifier is an identifier of a third device, and the first message is used to request a security mechanism for interaction between the second device and the third device; and sending a first response to the second device, wherein the first response is used to indicate the security mechanism for interaction between the second device and the third device.
Priority Applications (2)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| PCT/CN2024/111316 WO2026036237A1 (fr) | 2024-08-11 | 2024-08-11 | Information processing method, device, communication system and storage medium |
| CN202480001847.3A CN121866797A (zh) | 2024-08-11 | 2024-08-11 | Information processing method, device, communication system and storage medium |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| PCT/CN2024/111316 WO2026036237A1 (fr) | 2024-08-11 | 2024-08-11 | Information processing method, device, communication system and storage medium |
Publications (1)
| Publication Number | Publication Date |
|---|---|
| WO2026036237A1 (fr) | 2026-02-19 |
Family
ID=98779957
Family Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| PCT/CN2024/111316 Pending WO2026036237A1 (fr) | 2024-08-11 | 2024-08-11 | Information processing method, device, communication system and storage medium |
Country Status (2)
| Country | Link |
|---|---|
| CN (1) | CN121866797A (fr) |
| WO (1) | WO2026036237A1 (fr) |
Citations (6)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN112352409A (zh) * | 2018-04-06 | 2021-02-09 | 日本电气株式会社 | Security procedures for the common API framework in next-generation networks |
| WO2023144649A1 (fr) * | 2022-01-28 | 2023-08-03 | Lenovo (Singapore) Pte. Ltd. | Application programming interface (API) access management in wireless systems |
| WO2023144650A1 (fr) * | 2022-01-28 | 2023-08-03 | Lenovo (Singapore) Pte. Ltd. | Application programming interface (API) access management in wireless systems |
| US20230359515A1 (en) * | 2020-09-30 | 2023-11-09 | Telefonaktiebolaget Lm Ericsson (Publ) | Method and Apparatus for Application Programming Interface Management |
| CN117280675A (zh) * | 2023-08-06 | 2023-12-22 | 北京小米移动软件有限公司 | Information indication method, first API invoker, first network function and storage medium |
| CN118251657A (zh) * | 2021-11-10 | 2024-06-25 | 瑞典爱立信有限公司 | Network node for application server monitoring and methods therein |
2024
- 2024-08-11 CN CN202480001847.3A patent/CN121866797A/zh active Pending
- 2024-08-11 WO PCT/CN2024/111316 patent/WO2026036237A1/fr active Pending
Also Published As
| Publication number | Publication date |
|---|---|
| CN121866797A (zh) | 2026-04-14 |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| | 121 | EP: the EPO has been informed by WIPO that EP was designated in this application | Ref document number: 24950929; Country of ref document: EP; Kind code of ref document: A1 |